/>
X
Innovation

Old Linux storage bugs, new security patches

You may not have used SCSI this decade, but the old storage interface software is still in Linux and security holes have been found, and fixed, within it.

One of the good things about Linux is that it supports so much old hardware. With just a bit of work, there's almost no computing hardware that can't run Linux. That's the good news. The bad news is that sometimes ancient security holes can be found within old programs. That's the case with Linux's Small Computer System Interface (SCSI) data transport driver.

A trio of security holes -- CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364 -- was found by security company GRIMM researchers in an almost forgotten corner of the mainline Linux kernel. The first two of these have a Common Vulnerability Scoring System (CVSS) score above 7, which is high. While you may not have had a SCSI or iSCSI drive in ages, these 15 years old bugs are still around. One of them could be used in a Local Privilege Escalation (LPE) attack. In other words, a normal user could use them to become the root user.

Don't let the word "local" fool you. As Adam Nichols, Principal of Software Security at GRIMM, said: "These issues make the impact of any remotely exploitable vulnerability more severe. Enterprises running publicly facing servers would be at the most risk."

True, the vulnerable SCSI code isn't loaded by default on most desktop distros. But it's a different story on Linux servers. If your server needs RDMA (Remote Direct Memory Access), a high-throughput, low-latency networking technology, it's likely to autoload the rdma-core Linux kernel module, which brings with it the vulnerable SCSI code. 

Whoops!

Exploiting the hole isn't easy, but GRIMM has released a proof of concept exploit, which shows how to exploit two of the vulnerabilities. Now that the way has been shown you can count on attackers giving it a try. 

In particular, CentOS 8, Red Hat Enterprise Linux (RHEL) 8, and Fedora systems, where unprivileged users can automatically load the required modules if the rdma-core package is installed, are vulnerable. SUSE Linux Enterprise Server (SLES) can also be attacked. Ubuntu 18.04 and earlier are also open to attack.  And, of course, if you're actually using SCSI or iSCSI drives you can be assaulted.

Fortunately, these bugs have already been patched. So, unless you like taking chances with your Linux servers, I'd advise you to patch your Linux distributions as soon as possible.

Related Stories:

Editorial standards

Related

What you should know before buying an older phone this holiday
OnePlus N300 vs Samsung Galaxy S21

What you should know before buying an older phone this holiday

LG Chem to spend $3.2 billion on cathode plant in the US for EV batteries
Tesla Model 3

LG Chem to spend $3.2 billion on cathode plant in the US for EV batteries

Sony's 55-inch A80K OLED Google TV is nearly half off ahead of Black Friday
sony-bravia-xr-oled-a80k

Sony's 55-inch A80K OLED Google TV is nearly half off ahead of Black Friday