Security News
Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers. The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder.
Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks. The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.
Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices. According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.
Some information needs to be leaked from the kernel that reveals the current layout of its components in RAM. If a ROP exploit just guesses the kernel's layout and is wrong, it will trigger a crash, and this can be detected and acted on by an administrator. "Using speculative execution for crash suppression allows the elevation of basic memory write vulnerabilities into powerful speculative probing primitives that leak through microarchitectural side effects," the paper stated.
In contrast, a high-end GPU might have 2000 to 5000 cores, but they aren't each able to run completely different instructions at the same time. Servers fitted with GPUs probably need two sets of patches, covering both the NVIDIA GPU drivers that control the actual hardware in the physical system, and the NVIDIA vGPU software, which shares out physical GPUs between guest operating systems running under virtualisation software from vendors including Citrix, Red Hat and VMWare.
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company's industrial products. Researcher Juha-Matti Tilli discovered in 2018 that the Linux kernel was affected by two vulnerabilities that could be exploited to launch remote denial-of-service attacks by sending specially crafted packets to the targeted system.
A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop. He leveraged an improper input validation bug in the Linux kernel to escalate privileges to root.
A Google Project Zero researcher claims that some of the security features added by Samsung to the Android kernel don't provide meaningful protection and they actually increase the attack surface. Project Zero researcher Jann Horn has analyzed the Android kernel shipped by Samsung with its Galaxy A50 phones and found that some security features added by the tech giant actually make security worse.