Linux Kernel Found 3 Year Old Vulnerabilities that Allow Root Access

Linux Kernel

“Bad Things Come in Threes.” Three historical vulnerabilities have been discovered in the Linux kernel. If exploited, it could be used to gain root access to those systems. The original researchers from the security firm GRIMM have stated that these vulnerabilities remained undiscovered for 15 years.

The vulnerabilities exist in the Linux kernel SCSI (Small Computer System Interface) module. While not loaded by default, the kernel’s support for on-demand loading of modules means that it can be called with ease. CentOS 8, Fedora, and all versions of RedHat Enterprise tested are vulnerable.

On Debian and Ubuntu systems, the modules are only loaded by the kernel if RDMA hardware is in use, meaning that although the scope is limited, the vulnerabilities are still present.

The impact:

If an attacker exploits one of the three CVEs, they can gain root privileges on Linux Operating Systems, the most privileged access on Unix-based systems.

Whilst these vulnerabilities are dangerous, an attacker must have an existing foothold on the host to exploit them. It is unlikely that an adversary can exploit this remotely as the module is not accessible externally. These vulnerabilities are labeled as Local Privilege Escalation (LPE).

The remediation:

Patches have been available since the 7th of March (2021), individuals running Linux-based hosts should upgrade their kernels to mitigate against the trio of vulnerabilities.

Source: Blog Grimm

Risk Crew