Root kernel vulnerability threatens many Linux distributions

Patch your Linux systems now!

2021/07/22

Security researchers from Qualys have discovered the vulnerability (CVE-2021-33909) and published exploit code. After successful attacks, attackers can gain root privileges. The vulnerability affects the file system from the Linux kernel from 2014.

Due to conversion errors in the kernel's file system, local attackers would only need to write the 10-byte string //deleted in the kernel's address range without authentication to gain root privileges.

Security patches are available.

A second vulnerability

In addition, researchers have discovered a vulnerability (CVE-2021-33910) in Systemd that affects many Linux systems. Here, an attack can lead to a kernel panic state. The vulnerability was introduced in Systemd v220 from April 2015, according to the researchers. To secure systems against these attacks, Linux users need to make sure their distribution is up to date.

Source: www.heise.de.

Read the full article there.