๐ [$] The Sequoia seq_file vulnerability
๐ก Newskategorie: Linux Tipps
๐ Quelle: lwn.net
A local root hole in the Linux kernel, called Sequoia, was disclosed by Qualys on Julyย 20. A full system compromise is possible until the kernel is patched (or mitigations that may not be fully effective are applied). At its core, the vulnerability relies on a path through the kernel where 64-bit size_t values are "converted" to signed integers, which effectively results in an overflow. The flaw was reported to Red Hat on Juneย 9, along with a local systemd denial-of-service vulnerability, leading to a kernel crash, found at the same time. Systems with untrusted local users need updates for both problems applied as soon as they are availableโout of an abundance of caution, other systems likely should be updated as well. ...