Friday, September 30, 2022

Linode Security Digest | Linux Kernel


Topics in this week's security digest include:

  • a race condition in the Linux kernel's memory subsystem;
  • a path traversal vulnerability in the UnRAR software leading to a zero-day in Zimbra; and
  • discovery of an architectural bug in Intel's CPUs.

Linux Kernel Vulnerability – CVE-2022-2590

David Hildenbrand of Red Hat, with participation from Amit Nadav of VMware, recently discovered a vulnerability in Linux kernel versions 5.16 or higher that could allow an adversary to modify the contents of shared memory (shmem/tmpfs) files. Named the "Dirty COW vulnerability restricted to tmpfs/shmem", the flaw (CVE-2022-2590) can allow a local authenticated user to escalate their privileges on the system by exploiting a race condition in the copy-on-write mechanism of Linux's memory-management subsystem. The x86-64 and aarch64 platforms are affected.

Copy-on-write is a resource management technique implemented in various systems, such as databases, filesystems, and operating systems. A simplified explanation is that when different processes access the same resource/object in memory and one process tries to write to the shared resource, a page fault occurs and the kernel creates a new private copy of the resource for the writing process. This prevents data corruption and keeps writes to the shared resource from becoming visible to other processes. The effect of this vulnerability appears to be limited to the tmpfs filesystem, which is commonly used for mounting the /tmp, /var/lock, /var/run and /dev/shm directories.
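As an added illustration (not from the digest), the two mapping modes Python exposes over a tmpfs file: a copy-on-write (MAP_PRIVATE) mapping keeps this process's writes in a private copy, while a shared mapping writes through to the file everyone else sees. The temporary file and its contents are constructed here; /dev/shm is used when present and any directory otherwise.

```python
import mmap
import os
import tempfile


def cow_demo(directory=None):
    """Map one 8-byte file twice and report what the file itself contains
    after writing through each mapping.

    ACCESS_COPY is Python's name for a MAP_PRIVATE (copy-on-write) mapping;
    ACCESS_WRITE is a MAP_SHARED mapping. Returns a dict of the observations.
    """
    if directory is None:
        # /dev/shm is tmpfs on typical Linux systems, the filesystem the
        # article discusses; any directory shows the same semantics.
        directory = "/dev/shm" if os.path.isdir("/dev/shm") else None
    fd, path = tempfile.mkstemp(dir=directory)
    results = {}
    try:
        os.write(fd, b"original")  # constructed file content, exactly 8 bytes

        # Copy-on-write mapping: the first write faults, the kernel hands this
        # process a private copy of the page, and the file is left untouched.
        with mmap.mmap(fd, 8, access=mmap.ACCESS_COPY) as m:
            m[:8] = b"private!"
            results["private_view"] = bytes(m)
            results["file_after_private_write"] = os.pread(fd, 8, 0)

        # Shared mapping: the write lands in the shared page cache page, so it
        # is visible to every other reader of the file.
        with mmap.mmap(fd, 8, access=mmap.ACCESS_WRITE) as m:
            m[:8] = b"shared!!"
            m.flush()
            results["file_after_shared_write"] = os.pread(fd, 8, 0)
    finally:
        os.close(fd)
        os.unlink(path)
    return results


if __name__ == "__main__":
    for key, value in cow_demo().items():
        print(f"{key}: {value!r}")
```

The vulnerability described above is a race in exactly this boundary: the kernel must hand the private copy to the writer without letting the write reach the shared page.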

A prerequisite for exploitation is that the kernel is compiled with CONFIG_USERFAULTFD=y, which allows user space processes to handle page faults via the userfaultfd system call.

More information can be found in the upstream commit patch.

Path Traversal Vulnerability in UnRAR

A path traversal vulnerability in the Unix/Linux versions of the UnRAR software was found by Simon Scannell, a SonarSource researcher, in late June. The vulnerability, tracked as CVE-2022-30333, is exploitable when a user or a service extracts a maliciously crafted RAR archive, leading to the creation of files outside the target extraction folder.

Zimbra is a popular collaboration software and e-mail platform available for Linux. It is currently the target of an ongoing zero-day attack campaign that exploits unpatched UnRAR installations on the server. This has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw in UnRAR to its Known Exploited Vulnerabilities Catalog.

Per the SonarSource blog, a threat actor can send an e-mail containing a malicious .rar attachment to a Zimbra instance; the e-mail passes through the Amavis service, which is responsible for parsing and checking the incoming message. The service may extract e-mail attachments to be checked for spam or malware, requiring no user interaction. Since Amavis relies on UnRAR to extract any .rar attachments, an attacker can drop arbitrary files on a target system or achieve remote code execution by exploiting the vulnerability in UnRAR to compromise a Zimbra instance.
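An added example (not the digest's or UnRAR's code) of the destination check an extractor, or a scanning pipeline that drives one, can apply before writing each archive entry: the destination is resolved against the real extraction root, so `..` segments and an earlier entry that planted a symlink pointing outside the root are both caught. The extraction directory, the symlink and the entry names are constructed for the demonstration.

```python
import os
import tempfile
from typing import Optional


def safe_destination(extract_root: str, entry_name: str) -> Optional[str]:
    """Return the absolute path an archive entry may be written to, or None
    if writing it would land outside extract_root.

    realpath() resolves '..' segments and any already-existing symlinked
    parent directories, so an entry written 'through' a symlink that points
    out of the root is rejected as well as a plain '../' traversal.
    """
    root = os.path.realpath(extract_root)
    if os.path.isabs(entry_name):
        return None  # absolute entry names never belong in an archive
    resolved = os.path.realpath(os.path.join(root, entry_name))
    if os.path.commonpath([root, resolved]) != root:
        return None
    return resolved


def demo() -> dict:
    """Constructed scenario: an extraction root, a sibling directory outside
    it, a symlink inside the root pointing at that sibling, and four entry
    names an archive might carry. Returns {entry_name: allowed?}."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "extract")
    outside = os.path.join(base, "outside")
    os.makedirs(root)
    os.makedirs(outside)
    # Simulates a symlink an earlier archive entry already dropped in the root.
    os.symlink(outside, os.path.join(root, "link"))
    entries = [
        "safe/file.txt",            # ordinary entry, stays inside the root
        "a/../../outside/evil.txt", # classic '..' traversal
        "/etc/passwd",              # absolute path
        "link/evil.txt",            # traversal through the planted symlink
    ]
    return {e: safe_destination(root, e) is not None for e in entries}


if __name__ == "__main__":
    for entry, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'REJECT'}  {entry}")
```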

The vulnerability in UnRAR was addressed by RarLab in source code version 6.1.7 and is patched in version 6.12. Zimbra has mitigated the flaw in the latest updates to its services and platform.

ÆPIC Leak, an Architectural Bug in Intel CPUs

An architectural bug affecting 10th, 11th, and 12th generation Intel CPUs was discovered jointly by researchers from Sapienza University of Rome, the Graz University of Technology, Amazon Web Services, and the CISPA Helmholtz Center for Information Security. The flaw is in the Advanced Programmable Interrupt Controller (APIC) CPU component, which is responsible for accepting, prioritizing and dispatching interrupts to the processor cores. Successful exploitation requires Administrator or root privileges to access APIC MMIO and could result in disclosure of sensitive information from the processor.

As noted on the ÆPIC Leak website, this bug differs from the Meltdown and Spectre vulnerabilities in that the sensitive data can be disclosed without relying on side-channel attacks. Moreover, cloud workloads are not granted direct access to the underlying hardware's Advanced Programmable Interrupt Controller by the hypervisors, so the risk of the vulnerability being exploited from a cloud VM is mitigated.

Intel has released a security advisory for the bug and firmware updates to address this vulnerability.

Trending Vulnerabilities this Week

  • CVE-2022-27925: Directory traversal in Zimbra Collaboration
  • CVE-2022-37042: Potential directory traversal and remote code execution in Zimbra Collaboration Suite
  • CVE-2022-32893: Arbitrary code execution in Safari
  • CVE-2022-28756: Local Privilege Escalation in Zoom Client for Meetings for macOS
  • CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.