The Linux team is patching a security flaw in the Linux kernel that has remained unnoticed since 2005. The flaw can be exploited to gain root-level code execution rights from a low-privileged process. The bug in the kernel is being patched by CoreOS, RedHat, Debian, and other Linux distributions.
Linux flaw went unnoticed for over a decade
The security bug (CVE-2017-6074) was discovered by Google intern Andrey Konovalov using syzkaller, a security auditing tool developed by Google. CVE-2017-6074 "is a double-free vulnerability" in the Linux kernel that can be "exploited to gain kernel code execution from unprivileged processes," Konovalov wrote in an announcement post. The flaw has apparently gone unnoticed since 2005.
"The oldest version that was checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005)," Konovalov added.
The bug was introduced when the support for Datagram Congestion Control Protocol (DCCP) was added in version 2.6.14 in October 2005. The double free vulnerability is a type of bug that occurs when an application frees the same memory address twice, potentially leading to memory corruption. This DCCP security flaw could let a local user gain root privileges and allow an attacker to execute arbitrary code in the kernel.
"An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap-spraying techniques," he wrote. "If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel."
The issue was patched in the Linux kernel last week, with Linux distributions releasing updates. Konovalov has recommended to update to the latest versions as soon as they are being made available and has promised to publish the exploit code in a few days giving people time to update to secure versions.
In the past few months, we have been learning about several ancient security flaws in the Linux kernel that have remained unnoticed and unpatched.
In October last year, the project patched the Dirty COW exploit, which affected all kernel versions released since 2007. However, unlike Dirty COW which was being exploited in the wild, there is still no evidence of the latest Linux security flaw being exploited in live attacks.