Threat Watch

Linux Kernel Patching Puts Users at Risk

A researcher released an exploit for Ubuntu 18.04 dubbed “ugly exploit,” which takes about an hour to run before exploiting a root shell. The flaw (CVE-2018-17182) is a cache invalidation flaw that resides in Linux memory management and was reported on September 12th, 2018. According to researchers, “Linux founder Linus Torvalds fixed it in his upstream kernel tree two weeks ago, an impressively fast single day after Horn reported the issue. And within days it was also fixed in the upstream stable kernel releases 4.18.9, 4.14.71, 4.9.128, and 4.4.157. There’s also a fix in release 3.16.58.” Some Linux distributions are putting users at risk of attack due to not reacting quick enough to frequently update upstream stable kernel releases. Once patches are adopted in the upstream kernel, the patches are made available to the public, allowing attackers to create an exploit. End users of Linux distributions are not protected until each distribution has merged the changes from upstream stable kernels. Users will then install the updated release. The flaw was also announced on public mailing lists on September 18th, 2018 which gives Linux distributions and potential attackers time to act. As of September 26th, 2018, Debian stable and Ubuntu recent releases (16.04 and 18.04) had yet to resolve the issue. This leaves quite some time between the flaw being known and exploitable to when it gets patched.

ANALYST NOTES