Security News

SGI may be no more but people are still using its code - and some more of that code may be about to enjoy a revival. In December, we reported that Linux kernel 6.2 would receive some bug fixes to XFS, the filesystem from SGI's IRIX proprietary Unix.

The ALPHV ransomware group was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The POORTRY malware is a Windows kernel driver signed using stolen keys belonging to legitimate accounts in Microsoft's Windows Hardware Developer Program.

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. Netfilter is a packet filtering and network address translation framework built into the Linux kernel that is managed through front-end utilities, such as IPtables and UFW. According to a new advisory published yesterday, corrupting the system's internal state leads to a use-after-free vulnerability that can be exploited to perform arbitrary reads and writes in the kernel memory.

Roid security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. According to a Google Threat Analysis Group report published in March, it was exploited as part of a complex chain of multiple 0-days and n-days in a spyware campaign targeting Samsung Android phones.

"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. Linux kernel 6.0 debuts, Linus Torvalds teases 'core new things' coming in version 6.1 Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant Apple gets lawsuit over Meltdown and Spectre dismissed Boffins release tool to decrypt Intel microcode.

Oops init triggering oops via BUG() ------[ cut here ]------ kernel BUG at /home/duck/Articles/linuxoops/oops. When kernel version 6.2.3 came out at the end of last week, two tiny changes quickly proved to be problematic, with users reporting kernel oopses when managing disk storage.

Microsoft is testing a new diagnostic tool in Windows 11 that lets you create live kernel memory dumps without disrupting the operation of Windows. A live kernel dump is a snapshot of the kernel's memory at the time of the dump, which is then saved to a file.

ZDI doesn't just deal in competitive bug hunting in its twice-a-year contests, so it also regularly puts out vulnerability notices for zero-days that were disclosed in more conventional ways, like this one, entitled Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability. Even though this bug has had some dramatic coverage over the holiday weekend, given that it was a remote code execution hole in the Linux kernel itself, and came with a so-called CVSS score of 10/10, considered Critical.

Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread. Discovered the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15.

Microsoft now has an advisory out that's blaming rogue partners. The problem with certified kernel drivers, of course, is because they have to be signed by Microsoft, and because driver signing is compulsory on Windows, it means that if you can get your kernel driver signed, you don't need hacks or vulnerabilities or exploits to be able to load one as part of a cyberattack.