Patch ready for newly-discovered Linux kernel flaw

Summary: Young security researcher Pinkie Pie has found a bug in the Linux kernel that security experts say is urgent to fix.

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

The patch is the second major update for the Linux kernel in three weeks, following last month's fixes for Ubuntu, Red Hat, and Debian due to a bug in the n_tty_write function.

Reported on Thursday by Debian and recorded as CVE-2014-3153, the new flaw stems from an issue in the kernel's "futex subsystem", which could allow an attacker with local access to perform unauthorised actions.

As per Debian's write-up: "Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."

Teenager Pinkie Pie has developed a reputation as a skilled hacker after scooping at least $100,000 for elegantly bypassing security features of Google's Chrome every year since 2012.

According to Kees Cook, a Google ChromeOS security engineer and Ubuntu contributor, the latest flaw found by Pinkie Pie is "urgent to fix".

"Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0," Cook wrote on Seclists.org.

"This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive)."

Updates on the patches, posted to Openwall, can be found here.

As noted by Swiss security consultancy Scip, while the bug can be easily exploited, technical details of it remain unknown and there is currently no known exploit publicly available.

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Talkback

34 comments
  • A bad streak for Linux

    Swiss Cheese.
    honeymonster
    • Still more secure than the alternatives...

      :)
      jessepollard
      • Well, except maybe the BSD variants.

        :)
        jessepollard
      • Hard to say

        Linux is more open than, say, Windows Server 2012 R2 so it's more transparent. Means flaws can be found by anyone which means they are quickly patched but it also means a flaw can be found and not reported and exploited.

        And as far as desktop, Linux has less than 1% which means it simply is not targeted like Windows or even Mac. And Android is built on Linux but if you open up any OS like you do when side loading apps, you open yourself up with exploits like you do when you run as admin on a Windows PC.

        I would say all the major OSs are about as secure as the other if they are the latest, fully patched, and running in a non-privileged token.
        Rann Xeroxx
        • I agree

          People who claim 'OS A is more secure than OS B' are usually trolls, and often technically illiterate too (like the poster you replied to). The security models behind all widely used operating systems are fairly similar, and they all have vulnerabilities. Each has got its own strengths and weaknesses as well, but vulnerability to an attack is mostly a matter of user error and whether or not users are targeted.

          Where there are substantial differences between widely used operating systems, it doesn't tend to be differences in OS security models that matter. The much better security record of iOS v Android, for example, doesn't mean iOS/XNU is more secure than Android/Linux. The core operating systems in both cases are fairly similar. The much lower vulnerability of iOS v Android is a result of the App Store being much better managed than Google Play.

          The difference between the App Store and Google Play, in turn, reflects the different business models. Apple sell products, and Google sell users. For Apple, the product has to be good enough to convince users to pay a positive (above zero) price. For Google, Android is a loss-making business that entails dumping zero-priced software into the device market, and exists only to attract users that Google can then sell to advertisers. Android has only to be good enough to stop users paying more (the hardware price plus a positive price to cover OS development) for something better, like an iOS device.
          WilErz
    • but its local access

      So that rules out most attacks... I just wonder how this applies to OpenVZ
      Jimster480
      • re: but its local access

        In a shared server environment that could be a huge universe of access.
        none none
    • no indication how long ago pinkie found the bug

      Appears they didn't report it until they had the fix but there's another report that Google credits Pinkie 4 days ago... and a nondescript write up in Nov 2013 of Pinkie's exploits

      "including one buried deep within the Linux kernel."

      honesty.
      greywolf7
  • the FOSS community cares

    unlike proprietary sw that leaves security issues linger for years.
    LlNUX Geek
    • Will be patched

      Probably
      Jimster480
  • 15 years isn't lingering for years?

    The newest OpenSSL bug is found to be 15+ years old... So I wanted bother trying to defend how solid open source is at the moment.

    https://www.imperialviolet.org/2014/06/05/earlyccs.html
    aesonaus
    • damn lack of edit...

      That should read ' I wouldn't bother' not 'i wanted bother'
      aesonaus
    • sounds pretty secure to me

      if it took 15 years to find the exploit... Must have been a pretty special use case. And it's patched now.
      Jimster480
      • Inadequate team

        The entire world depends on OpenSSL - which is developed with a part-time team of 6 people.
        Roger Ramjet
        • 11 good volunteers are better than 100 disgruntled employees.

          As 11 is the current number of Openssl volunteers.

          But correctness aside, what's your point?
          anothercanuck
    • re: 15 years isn't lingering for years?

      I believe the OP is referring to known vulns in proprietary SW, some of which do go unpatched for long periods of time.
      none none
  • Patch ready for newly-discovered Linux kernel flaw

    YAFIL. Yet another flaw in Linux. Time for the Linux admins to get their compilers warmed up since this might take a while. Download the source, configure, compile, and hope it executes without erroring out first. This supposedly secure OS sure does have a lot of security issues. Glad I don't run it, I just can't take that chance with my machines.
    Loverock.Davidson
    • No need... The distributions already provide the compiled code.

      Actually, this was fixed last month.

      And you take a bigger chance with whatever you are running - as you can't even look for security problems, nor can you fix them.

      You are stuck with them until your vendor:
      1) admits to a problem (can take years)
      2) fixes a problem (sometimes the fix doesn't work, or adds another problem...)
      3) doesn't reintroduce the problem later...
      jessepollard
      • same issue

        With FOSS...

        No platform is a winner when it comes to security.

        Any platform properly hardened is as secure as any other.

        Out of the box I assume it would be the same (in saying that I assume Linux prevents you running stuff as admin without prompting, turns on firewalls by default, comes with malware protection built in, etc.)

        Actually except maybe Mac OS X, maybe that's not as good as the others... But then I haven't used one in 20 years so wouldn't know if its out-of-the-box settings are at the same level as those highlighted above.
        aesonaus
        • But remember...

          Mac OS X has Linux under the hood, so if Linux has a problem, OS X probably does as well.

          Jim
          (A Mac user at home and work from 1985-present, Mac+ to MacBook Pro)
          RangerJimK