On March 12, 2021, three vulnerabilities in Linux were publicly disclosed, revealing kernel issues dating back fifteen years:
While the vulnerable code is not remotely accessible, it is a force multiplier for any threat actor who has already compromised a user account or a misconfigured service. Despite Linux’s open-source nature, Windows systems overshadow Linux-based machines in the commercial enterprise markets, and that can mean fewer eyes on critical services reviewing current and legacy code.
These issues affect all Linux distributions, with researchers adding that a non-privileged user on all Red Hat distributions tested was able to load the kernel modules needed for exploitation. Debian-based systems are vulnerable as well, just not so easily. Debian systems “…are in the same boat as Red Hat, where the user, depending on what packages are installed, can coerce it into getting loaded; then it’s there to be exploited,” according to Adam Nichols, principal of the Software Security practice at GRIMM.
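A defender's check for the exposure described above, as an added example that is not part of the original article: it classifies whether a kernel module is already loaded, blocked by an `install` override, only alias-blacklisted, or still loadable on demand. The module names `example_mod_*` and the sample inputs are constructed placeholders, since the article does not name the modules involved.

```python
# Added example: classify how exposed a kernel module is to on-demand loading.
# "example_mod_*" are placeholder names; the article does not name the modules.

def _norm(name):
    # The kernel treats '-' and '_' in module names as equivalent.
    return name.replace("-", "_")

def parse_modprobe_conf(text):
    """Return (blacklisted names, {name: install command}) from modprobe.d text."""
    blacklisted, installs = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "blacklist" and len(fields) >= 2:
            blacklisted.add(_norm(fields[1]))
        elif fields[0] == "install" and len(fields) >= 3:
            installs[_norm(fields[1])] = fields[2]
    return blacklisted, installs

def loaded_modules(proc_modules_text):
    """Module names from /proc/modules content (first column of each line)."""
    return {_norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.split()}

def classify(module, proc_modules_text, conf_text):
    name = _norm(module)
    blacklisted, installs = parse_modprobe_conf(conf_text)
    if name in loaded_modules(proc_modules_text):
        return "loaded"
    cmd = installs.get(name, "")
    if cmd.rsplit("/", 1)[-1] in ("false", "true"):
        return "blocked"          # modprobe runs a no-op instead of loading
    if name in blacklisted:
        return "alias-blocked"    # aliases ignored; load by name still works
    return "loadable"             # assumes the module file is installed

# Constructed sample inputs (not taken from a real host).
SAMPLE_PROC_MODULES = "ext4 745472 1 - Live 0x0000000000000000\n"
SAMPLE_CONF = """\
# constructed /etc/modprobe.d/ fragment
blacklist example-mod-a
install example_mod_b /bin/false
"""

if __name__ == "__main__":
    for m in ("ext4", "example_mod_a", "example-mod-b", "example_mod_c"):
        print(m, classify(m, SAMPLE_PROC_MODULES, SAMPLE_CONF))
```

On a real host, pass the contents of `/proc/modules` and the concatenated files under `/etc/modprobe.d/` to `classify`; a result of `alias-blocked` or `loadable` for an unused module means it can still be pulled in on demand.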
Responsible software development is as important as ever and may be considered a “first line of defense” when it comes to cyber security; however, this is a monumental task that relies on regular focus. As in the case above, what was secure years ago has fallen vulnerable to common exploitation tactics today. General practices such as patch management will help enterprises stay current and as protected as possible. When that fails, it is just as important to have a team such as a Security Operations Center, Threat Hunt, or Threat Intelligence to detect or defend against such issues.