Security News > 2020 > April > Patch Released for Linux Kernel Vulnerability Disclosed at Hacking Contest
A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop.
He leveraged an improper input validation bug in the Linux kernel to escalate privileges to root.
Linux kernel developers have patched the bug and Ubuntu has released updates and mitigations to address the vulnerability.
Red Hat says Enterprise Linux 5, 6, 7 and 8 and Red Hat Enterprise MRG 2 are not affected as the kernel version they use did not backport the commit that introduced the flaw.
Ubuntu security engineer Steve Beattie has made available some technical details about the vulnerability.
News URL
Related news
- OpenPaX: Open-source kernel patch that mitigates memory safety errors (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)