Security News

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. It contains /proc/[pid] subdirectories, each of which contains files and subdirectories exposing information about specific processes, readable by using the corresponding process ID. In the case of the "Syscall" file, it's a legitimate Linux operating system file that contains logs of system calls used by the kernel.

Recently the Linux kernel community was aflame due to efforts by researchers at the University of Minnesota to intentionally torpedo Linux security by submitting faulty patches. Organizations of all sizes have depended upon Linux for performance and security for decades; in fact, those same organizations depend upon a wide array of open source, generally.

Recent Linux kernel updates include patches for a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Symantec reported on Monday that Piotr Krysiuk, a member of its Threat Hunter team, has identified two new vulnerabilities in the Linux kernel that can be exploited to bypass mitigations for the Spectre vulnerabilities.

Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel. Except, of course, that most Linux systems not only come with hundreds or even thousands of kernel modules in the /lib/modules directory tree, ready to use in case they are ever needed, but also come configured to allow suitably authorised apps to trigger the automatic loading of modules on demand.

Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. GRIMM researchers discovered the bugs 15 years after they were introduced in 2006 during the initial development stages of the iSCSI kernel subsystem.

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel. Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.

Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server.

Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform. The pervasive Linux operating system, according to a recent report from the Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard, needs additional work on security.

Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor. While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open source software.

Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security. "While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.