Linux kernel gets fix for serious DoS vulnerability


Linux vulnerability

The Linux community has received a patch for a security hole that could cause a denial of service (DoS) attack. Linux distributions that are affected by the flaw includes the recent versions Debian, Fedora, Red Hat Enterprise Linux and Ubuntu.

Security researcher Philip Pettersson spotted the vulnerability, designated CVE-2016-8655, within the packet_set_ring function of Linux kernel. Pettersson described a race condition that exploits a local user through AF_PACKET sockets with CAP_NET_RAW in the network namespace.

“A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges,” reads the brief description.

Apart from the DoS vulnerability spotted by Pettersson, researchers have found CVE-2016-6480 and CVE-2016-6828. Both the flaws exist within the kernel code and can crash the system by a local attacker.

Patches for all the three vulnerabilities are started rolling out for major Linux distributions. It is recommended to download the latest versions to avoid any severe attacks.


Please enter your comment!
Please enter your name here