Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

What are the vulnerabilities of Linux Kernel information disclosure and privilege escalation?

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/01 Report--

This article introduces what the loophole of Linux Kernel information leakage and privilege promotion refers to, the content is very detailed, interested friends can refer to, I hope it can be helpful to you.

0x00 vulnerability background

On March 31, 2020, 360CERT monitoring found that the Linux kernel privilege enhancement vulnerability demonstrated by ZDI in the Pwn2Own competition has been included by CVE. CVE number: CVE-2020-8835.

The vulnerability was discovered by @ Manfred Paul because the bpf validator did not correctly calculate the register range for certain operations, resulting in incorrect register boundary calculation, which led to out-of-bounds reads and writes.

This vulnerability is introduced in Linux Kernelcommit (581738a681b6).

0x01 risk rating

360CERT assesses the vulnerability

Assessment methods, threat levels, high risk areas are limited.

360CERT recommends that users update Linux Kernel in a timely manner. Do a good job of asset self-check / self-test / prevention to avoid attack.

0x02 affects version

Linux Kernel 5.4

Linux Kernel 5.5

0x03 repair recommendation

Because the lower version of the kernel is not affected or has been repaired in time

It is recommended that users using the latest versions of various distributions (for example, Debain bullseye/sid;Ubuntu 20.04) should be timely.

Update Linux Kernel

The temporary repair plan officially given by Ubuntu

$sudo sysctl kernel.unprivileged_bpf_disabled=1

$echo kernel.unprivileged_bpf_disabled=1 |\

Sudo tee / etc/sysctl.d/90-CVE-2020-8835.conf about Linux Kernel information disclosure and privilege escalation vulnerabilities refer to what is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Vulnerabilities permissions suggestions versions levels influences messages content kernels registers more users help updates ratings good interest official guys buddies vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MySQL MariaDB NVidia Microsoft Shulou Information vpn Shulou Technology Huawei macOS Docker Redmi Xiaomi Apple Linux OPPO Reno Shulou Tech Info MySQL MariaDB NVidia Microsoft Shulou Information vpn Shulou Technology Huawei macOS Docker Redmi Xiaomi Apple Linux OPPO Reno Shulou Tech Info

Share To

Related

Internet Technology

More Internet Technology >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report