July 29th, 2024

Linux VFS Fix for 5 Year Old Bug That Could Cause Corruption, Security or Crash

A significant fix for a five-year-old Linux VFS bug, discovered by Microsoft engineer Christian Brauner, addresses potential on-disk corruption and security vulnerabilities, enhancing kernel stability and security.


A significant fix for a five-year-old bug in the Linux Virtual File System (VFS) has been introduced ahead of the Linux 6.11 merge window. The bug, discovered by Microsoft engineer Christian Brauner, could lead to on-disk corruption, security vulnerabilities, or kernel crashes. The issue arises because privileged users were able to mount filesystems in a non-initial user namespace even when the filesystem did not support it, which could create security risks and instability. The bug was introduced by a patch in 2018 and has been present in the mainline Linux kernel since February 2019.

Seth Forshee of DigitalOcean contributed to resolving the issue by restricting such mounts to filesystems that declare support via the FS_USERNS_MOUNT flag, thereby preventing potential exploitation. The fix is a small patch, most of which is comments, and is currently awaiting integration into the mainline kernel and backporting to the stable kernel series. This update is crucial for maintaining the integrity and security of Linux systems, particularly in environments where privileged access is a concern. The fix is expected to improve the overall stability and security of the Linux kernel going forward.

Related

The Dirty Pipe Vulnerability

The Dirty Pipe Vulnerability (CVE-2022-0847) in Linux kernel versions since 5.8 allowed unauthorized data overwriting in read-only files, fixed in versions 5.16.11, 5.15.25, and 5.10.102. Discovered through CRC errors in log files, it revealed systematic corruption linked to ZIP file headers due to a kernel bug in Linux 5.10. The bug's origin was pinpointed by replicating data transfer issues between processes using C programs, exposing the faulty commit. Changes in the pipe buffer code impacted data transfer efficiency, emphasizing the intricate nature of kernel development and software component interactions.

CVE-2021-4440: A Linux CNA Case Study

The Linux CNA mishandled CVE-2021-4440, a bug in the 5.10 LTS kernel that caused information leakage and KASLR defeats. The issue affected Debian Bullseye and SUSE's 5.3.18 kernel and was resolved in version 5.10.218.

Exploring Novel File System Objects for Data-Only Attacks on Linux Systems

The study explores data-only attacks on Linux systems, identifying critical file system objects that can be exploited without defeating Kernel Address Space Layout Randomization (KASLR). It presents novel exploit strategies and evaluates them against real-world vulnerabilities.

Linux 6.11 To Allow Tightening Of /proc/[PID]/mem Access For Better Security

Linux 6.11 will introduce a security feature tightening access to /proc/[pid]/mem files, proposed by Christian Brauner. It aims to restrict writes unless the current process is ptracing the target task, addressing past exploits. Brauner emphasizes balancing security with legitimate use cases such as debugging tools.

Linux 6.10 Released

The Linux 6.10 release by Linus Torvalds featured increased activity in filesystems, driver updates, and miscellaneous changes. No extra release candidates were needed. The 6.11 merge window will open soon, coinciding with Europe's summer vacation. Various subsystems received fixes and improvements, including ARM64, USB, networking, SPI, MMC, ALSA, and more. The bcachefs filesystem underwent corrections and optimizations.
