Security News > 2020 > April > Patch Released for Linux Kernel Vulnerability Disclosed at Hacking Contest
2020-04-01 15:37
A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop.
He leveraged an improper input validation bug in the Linux kernel to escalate privileges to root.
Linux kernel developers have patched the bug and Ubuntu has released updates and mitigations to address the vulnerability.
Red Hat says Enterprise Linux 5, 6, 7 and 8 and Red Hat Enterprise MRG 2 are not affected as the kernel version they use did not backport the commit that introduced the flaw.
Ubuntu security engineer Steve Beattie has made available some technical details about the vulnerability.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- OpenPaX: Open-source kernel patch that mitigates memory safety errors (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)