Linux Kernel Vulnerability
Cluster focuses on a Linux kernel security flaw enabling potential rootkits, arbitrary code execution, and privilege escalation, with debates on exploit feasibility, mitigations like kernel patches, and comparisons to Windows protections.
Activity Over Time
Top Contributors
Keywords
Sample Comments
Why - it's not like they're going to sneak vulnerabilities into the kernel?
A compromised kernel does not seem that unlikely. I am not fammilar with Windows, but I assume it supports hotloading code into kernel space (like modules in linux), given this, it would be trivial to get from root in userspace to arbitrary code execution in kernel space.
Informative response from Kees Cook of the Kernel Self-Protection Project (KSPP):http://www.openwall.com/lists/kernel-hardening/2017/05/02/4
See a certain Linux kernel exploit: http://lwn.net/Articles/342330/
Seems like a great way to get rootkits into the Linux kernel ...
No, they don't. In order to "exploit" this "bug" you need to be in ring 0. And if you are in ring 0 you own everything anyway. This is clickbait.
Or could this be an invitation to make it possible for the XXX to hack the kernel? Seems it could go either way.
I was expecting a kernel vulnerability. This is really more of an exploit payload.
Wow, this is pretty awful. Willfully defeating a security feature of the kernel.
Well, the exploit doesn't seem to work on my kernel 4.1.0 system, so that's good.