Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account.
According to SC Media, if an attacker already has execution on a box, either through a user account on the machine or by compromising some service that doesn't have repaired permissions, they can do whatever they want.
The vulnerabilities were spotted at the mythically themed GRIMM software security outfit by Adam Nichols.
He said that while the vulnerabilities "are in code that is not remotely accessible, so this isn't like a remote exploit", they take "any existing threat that might be there. It just makes it that much worse. If you have users on the system that you don't really trust with root access, it breaks them as well".
Nichols said that Linux code "is not getting many eyes or the eyes are looking at it and saying that seems fine".
He said that the bugs have been in there since the code was first written, and they haven't really changed over the last 15 years.
That the flaws slipped detection for so long has a lot to do with the sprawl of the Linux kernel. It "has gotten so big" and "there's so much code there…The real strategy is make sure you're loading as little code as possible", he said.
The bugs have been patched in the following kernel releases: 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260. All older kernels are end-of-life and will not receive patches.
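One way to check a host against the release list above, as an added example that is not from the article or from GRIMM. The function names and status words are made up for this illustration, and matching loaded modules by the substring "iscsi" is an assumption.

```shell
#!/bin/sh
# Fixed stable releases from the article, one "series minimum-patchlevel" per line.
FIXED_RELEASES="5.11 4
5.10 21
5.4 103
4.19 179
4.14 224
4.9 260
4.4 260"

# iscsi_fix_status RELEASE -> prints patched | vulnerable | unlisted-series | unparsed
# (hypothetical helper; status words are this example's own)
iscsi_fix_status() {
    # Keep only the leading X.Y.Z; suffixes such as "-custom" are dropped.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then echo unparsed; return 0; fi
    series=${ver% *}
    patch=${ver#* }
    min=""
    # String comparison on the series, so "5.1" never matches "5.10".
    while read -r s m; do
        if [ "$s" = "$series" ]; then min=$m; fi
    done <<EOF
$FIXED_RELEASES
EOF
    if [ -z "$min" ]; then
        echo unlisted-series   # not one of the seven series in the article
    elif [ "$patch" -ge "$min" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# iscsi_modules_loaded [FILE] -> names of loaded modules containing "iscsi".
# FILE defaults to /proc/modules; substring matching is an assumption here.
iscsi_modules_loaded() {
    awk '$1 ~ /iscsi/ { print $1 }' "${1:-/proc/modules}"
}

# Print a report for the running host when invoked as: script.sh report
if [ "${1:-}" = "report" ]; then
    echo "kernel $(uname -r): $(iscsi_fix_status "$(uname -r)")"
    echo "iSCSI modules loaded: $(iscsi_modules_loaded | tr '\n' ' ')"
fi
```

Distribution kernels often backport fixes without changing the upstream version number, so a `vulnerable` result on a vendor kernel means checking the vendor's advisory rather than trusting the comparison.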