Low-level exploit sends Ubuntu, OpenSUSE kernel bug hunting

Bug in Linux x32 application binary interface could allow an attacker to escalate privileges.

OpenSUSE and Ubuntu may be susceptible to a vulnerability in a low-level application interface recently introduced to the two Linux distributions.

Both operating systems have begun including support for the Linux x32 application binary interface (ABI) — similar to a software/code-level application programming interface (API), but at machine code level.

The x32 ABI essentially allows 32-bit applications to take advantage of 64-bit x86 architectures. For it to be enabled, however, administrators need to have enabled it while building the Linux kernel. Notable exceptions to this are OpenSUSE and Ubuntu, which had enabled it by default in their distributions.

Chrome OS security engineer Kees Cook outed the vulnerability in x32 ABI, which could allow an unprivileged user to escalate their privileges due to an arbitrary kernel write flaw.

According to Cook, the bug affects all Linux kernels since 3.4, in which the option to include x32 support was included. He has also released proof-of-concept code, showing how the vulnerability can be abused.

A fix for the vulnerability has been developed, and Ubuntu has issued its own update in response.

Red Hat has previously been paged by its users to enable x32 support in Fedora 18; however, it refused to include it, citing security concerns.

"It affects every user by potentially exposing them to as-yet-unfound security bugs for zero gain," Red Hat kernel developer Dave Jones said at the time.

"In addition to this, it increases the potential attack surface for all users, 99.9 percent of which will never even use this feature unless we enable it for additional packages."

Users can test if they are vulnerable by checking if the CONFIG_X86_X32 variable is set in their kernel configuration.