Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Linux

Federal Agency Warns (Patched) Critical Linux Vulnerability Being Actively Exploited (arstechnica.com) 21

"The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild," reported Ars Technica on Friday.

"The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges." It's the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation. The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations... It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.

A deep-dive write-up of the vulnerability reveals that these exploits provide "a very powerful double-free primitive when the correct code paths are hit." Double-free vulnerabilities are a subclass of use-after-free errors...

This discussion has been archived. No new comments can be posted.

Federal Agency Warns (Patched) Critical Linux Vulnerability Being Actively Exploited

Comments Filter:
  • NF_table? (Score:4, Interesting)

    by jmccue ( 834797 ) on Saturday June 01, 2024 @05:49PM (#64516345) Homepage

    While serious, it is with NF_tables, IIRC a replacement for IPtables. Does anyone use NF_tables ?

    Too bad the article did not do a "deep-dive" into how much use NF_tables get.

    • Re: NF_table? (Score:5, Interesting)

      by guruevi ( 827432 ) on Saturday June 01, 2024 @06:03PM (#64516363)

      Anything that uses systemd/firewalld/networkd uses nffilter. I believe Kubernetes and Docker uses it too now because systemd compatibility mandates it.

      • That almost sounds like an admission that all the people that refuse to utilize the mess that is systemd were correct in doing so.

    • Re:NF_table? (Score:5, Informative)

      by Tailhook ( 98486 ) on Saturday June 01, 2024 @06:16PM (#64516393)

      It's in wide use. The iptables-nft compatibility layer preserves the traditional iptables CLI etc., but uses NF_tables for the actual rules. This is done in popular distros, so many people are using NT_tables without knowing and/or caring much.

      • by jmccue ( 834797 )

        Interesting, I did not know this. I am still using IPtables, I guess something passes through to NFTables based upon your post.

        Thanks

        • Re:NF_table? (Score:5, Informative)

          by ls671 ( 1122017 ) on Saturday June 01, 2024 @07:22PM (#64516505) Homepage

          Interesting, I did not know this. I am still using IPtables, I guess something passes through to NFTables based upon your post.

          Thanks

          You are most likely using nf_tables, iptbales has been long gone for eons! You are just using iptables syntax to interact with nf_tables.

          Simply type this command: lsmod
          https://unix.stackexchange.com... [stackexchange.com]

        • The kernel changed to nftables internally which largely preserves reverse compatibility with iptables and the iptables tools were updated to use it transparently. You've probably been using nftables under the hood unwittingly for a few years without benefiting from any of it's extra features. (Not to imply that I know what they actually are.)

      • by gweihir ( 88907 )

        It is. I found that my custom-kernels are not vulnerable (I do not add the things required to run containers), but stock Debian kernels are, unless new enough to be patched. Looks to me like Linux is getting too complex and too much stuff is on by default.

  • I know you young punks think your high-level languages are the bees knees, but mistakes like this one are exactly what happens when you get lazy!

    Important systems should be written in assembly, by real programmers who know what they are doing!

    Sheesh.

    (No, I am not serious).

  • by reanjr ( 588767 ) on Saturday June 01, 2024 @09:24PM (#64516707) Homepage

    "a class of vulnerability that occurs in software written in the C and C++ languages"

    This type of thing can happen in any language with direct memory access. Summary makes it sound like it only happens to C programmers.

    • by gweihir ( 88907 )

      Double-free can essentially happen in any language that allows explicit memory management. The alternative is a performance hit because there are additional changes.

New crypt. See /usr/news/crypt.

Working...