Decade-old Linux kernel vulnerabilities are threatening device security

Researchers have identified three major vulnerabilities in the Linux kernel that have existed for more than a decade.

According to cybersecurity firm GRIMM, these bugs could allow attackers to elevate their privileges from basic to root, opening the door to data theft, malware and ransomware distribution, escalation of privilege and DDoS attacks, Bleeping Computer reported.

The vulnerabilities (CVE-2021-27365, CVE-2021-27363 and CVE-2021-27364) have since been fixed and patches for the mainline Linux kernel became generally available on March 7. Linux users have been urged to patch their systems immediately.

Despite their relative severity, the vulnerabilities aren't particularly easy to exploit, requiring local access to the target device. This means attackers would either need to access the device physically or chain the Linux bugs with other vulnerabilities.

Detailing his findings in a blog post, GRIMM researcher Adam Nichols said that the vulnerable scsi_transport_iscsi kernel module is not loaded by default, and explained what that means:

"The Linux kernel loads modules either because new hardware is detected or because a kernel function detects that a module is missing," he wrote. "The latter implicit autoload case is more likely to be abused and is easily triggered by an attacker, enabling them to increase the attack surface of the kernel."

"On CentOS 8, RHEL 8, and Fedora systems, unprivileged users can automatically load the required modules if the rdma-core package is installed. On Debian and Ubuntu systems, the rdma-core package will only automatically load the two required kernel modules if the RDMA hardware is available. As such, the vulnerability is much more limited in scope."
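
A defensive check for the autoload behaviour Nichols describes, as an added example that is not from the article or from GRIMM: it reports whether scsi_transport_iscsi is currently loaded and whether modprobe configuration would stop it being loaded. The function names, the directory list and the three policy labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit a host for the module it names.
MODULE="${MODULE:-scsi_transport_iscsi}"

# module_loaded NAME [FILE]: succeeds if NAME is listed in /proc/modules (or a copy).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# modprobe_policy NAME [DIR...]: prints one of these labels (names chosen here):
#   install-blocked   "install NAME /bin/false" (or true): modprobe runs that
#                     command instead of loading NAME
#   blacklisted-only  "blacklist NAME" ignores the module's aliases only; a load
#                     by module name still succeeds
#   none              no rule found for NAME
modprobe_policy() {
    name=$1; shift
    # Assumed default search path: the usual modprobe.d directories.
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
    policy=none
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            verdict=$(awk -v m="$name" '
                function norm(s) { gsub(/-/, "_", s); return s }  # modprobe treats - and _ alike
                BEGIN { m = norm(m) }
                /^[ \t]*#/ { next }
                $1 == "install" && norm($2) == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { r = "install-blocked" }
                $1 == "blacklist" && norm($2) == m && r == "" { r = "blacklisted-only" }
                END { print r }' "$conf")
            if [ "$verdict" = install-blocked ]; then
                policy=install-blocked
            elif [ "$verdict" = blacklisted-only ] && [ "$policy" = none ]; then
                policy=blacklisted-only
            fi
        done
    done
    echo "$policy"
}

audit() {
    if module_loaded "$MODULE"; then echo "$MODULE: loaded"
    else echo "$MODULE: not loaded"; fi
    echo "$MODULE: modprobe policy = $(modprobe_policy "$MODULE")"
}

# Run the report only when asked, e.g.  sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```

On a host that reports "not loaded" with a policy other than install-blocked, nothing in the modprobe configuration prevents a later load of the module by name.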

Bleeping Computer further explained that the bugs could be abused to bypass various Linux security features designed to block exploits, including the Kernel Address Space Layout Randomization (KASLR), Supervisor Mode Execution Protection (SMEP), Supervisor Mode Access Prevention (SMAP) and Kernel Page-Table Isolation (KPTI).

“The bottom line is that this is still a real problem area for the Linux kernel because of the tension between compatibility and security. Administrators and operators need to understand the risks, their defensive options, and how to apply those options in order to effectively protect their systems,” Nichols concluded.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has been featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.