Patch ready for newly-discovered Linux kernel flaw

Young security researcher Pinkie Pie has found a bug in the Linux kernel that security experts say is urgent to fix.
Written by Liam Tung, Contributing Writer

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

The patch is the second major update for the Linux kernel in three weeks, following last month's fixes for Ubuntu, Red Hat, and Debian due to a bug in the n_tty_write function.

Reported on Thursday by Debian and recorded as CVE-2014-3153, the new flaw stems from an issue in the kernel's futex subsystem that could allow an attacker with local access to perform unauthorised actions.

As per Debian's write-up: "Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."

Teenager Pinkie Pie has developed a reputation as a skilled hacker after scooping at least $100,000 for elegantly bypassing security features of Google's Chrome every year since 2012.

According to Kees Cook, a Google ChromeOS security engineer and Ubuntu contributor, the latest flaw found by Pinkie Pie is "urgent to fix".

"Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0," Cook wrote on Seclists.org.

"This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive)."

Updates addressing the flaw, as posted on Openwall, can be found here.

As noted by Swiss security consultancy Scip, while the bug can be easily exploited, technical details of it remain unknown and there is currently no known exploit publicly available.
