Security News

Google has released the second part of the May security patch for Android, including a fix for an actively exploited Linux kernel vulnerability. As Android uses a modified Linux kernel, the vulnerability also affects the operating system.

Max Kellermann, a coder and security researcher for German content management software creators CM4all, has just published a fascinating report about a Linux kernel bug that was patched recently. He called the vulnerability Dirty Pipe, because it involves insecure interaction between a true Linux file and a Linux pipe, which is a memory-only data buffer that can be used like a file.

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. The Linux kernel flaw is said to have existed since version 5.8, with the vulnerability sharing similarities to that of Dirty Cow, which came to light in October 2016.

To go along with the "Dirty Pipe" Linux security bug coming to light, two researchers from Huawei - Yiqi Sun and Kevin Wang - have discovered a vulnerability in the "Control groups" feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary commands on a host machine. The bug exists in the Linux kernel's "Cgroup release agent write" feature, which is found in the "Kernel/cgroup/cgroup-v1.c" function.

A Linux local privilege escalation flaw dubbed Dirty Pipe has been discovered and disclosed along with proof-of-concept exploit code. Max Kellermann said he found the programming blunder and reported it to the kernel security team in February, which issued patches within a few days.

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1, which allows processes to be organized into hierarchical groups, effectively making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network.

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. "We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.

That's the sort of glitch behind CVE-2022-0330, a Linux kernel bug in the Intel i915 graphics card driver that was patched last week. Permission to load and run code on the GPU. Once again, in some environments, users might have graphics processing uniut "Coding powers" not because they are avid gamers, but in order to take advantages of the GPU's huge performance for specialised programming - everything from image and video rendering, through cryptomining, to cryptographic research.

A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system. CVE-2022-0185 is a heap-based buffer overflow vulnerability in the "File System Context" Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution.

ESET researchers took an in-depth look into the abuse of vulnerable kernel drivers. Among the various types of kernel drivers are "Software" drivers that provide specific, non-hardware related features like software debugging and diagnostics, system analysis, etc.