Google hacker discloses new linux kernel vulnerability and poc exploit

>A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8.

>Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to use-after-free vulnerability, which if exploited, could allow an attacker to gain root privileges on the targeted system.

I have a feeling Google did a big research into linux kernel security, pached kernels on all their machines now they release one major vulnerability each quarter to pin their competition in constant kernel upgrades of whole datacenters. Those can take considerable effort and slow down progress of many SRE teams across the industry. You know once is happenstance, twice is coincidence, three times...

Attached: linux.jpg (770x602, 59K)

Other urls found in this thread:

exploit-db.com/exploits/45497/
access.redhat.com/security/cve/cve-2018-17182
twitter.com/NSFWRedditImage

thats what you get when you build a shit OS garbage on top of garbage, leaks everywhere

as to be expected after the COC is implemented kernal security goes down

Well they are the ones doing the groundwork so yeah.

>3.16 through 4.18.8
nice beta testing cucks. That's why you should be using something like red hat or centos for a server or critical workstations

BASED trannies will fix all leaks

heteronormative oppression of the KERNEL has gone on FOR TOO LONG

Actually Red Hat back ports lots of patches to the old kernel so centos 7 could be vulnerable.

he's a guy though
based Germans

Attached: 800x-1.jpg (800x640, 65K)

>use Windows 10
>no security holes ever and despite rumors it actually does not spy on you if you change the privacy settings to tell it not to

>use Linux
>kernel is swiss cheese security nightmare, almost every single person who has Linux installed for a month is rootkitted

I compliment you on the construction of this bait

laughs in Arch, I'm already on 4.18.10

Kys

buttmad tranny

t. Paid (((Microsoft))) shill

wow, how did you get microsoft into this?

> White cis straight male
Disgusting, get out of my kernel

ikr these white shitlords now larp as women to continue the partriarchy, it's disgusting

does this affect gentoo?

>poc exploit
WOOOOW

This exploit exists until the last non-CoC'd version.
What. A. Coincidence.

Wow! So this.. is the power.. of powerful tranny code.

Attached: bttic.png (740x557, 250K)

Isn't he the same guy who discovered spectre and meltdown?

when your breath stank of their cum faggot

Lemme tell you this, Jow Forums. There's been a new vulnerability and exploit already since the "CoC" has been set into place.
The SJW stuff? Bullshit. They're most likely paid actors from presumably Microsoft (Since, you know, Microsoft (((loves))) Linux).
They used the today's "socially accepting" trend to overthrow Linus and to take over the kernel, which was extremely easy to do, since, you know, this social justice trend is everywhere and if you disagree with it you'd be blamed to death by the media. After that, they proceeded to cram it full with vulnerabilities.
Call me a conspiracy freak all you want, but there's definitely something fishy behind this.

Attached: extreme disappointment.jpg (768x576, 56K)

Imblying Linux is an Oh Es

is microsoft the new boogeyman? it is so difficult to keep up with the mentally ill, every week a new threat.

They went back in time to put vulnerabilities in the kernel? That's pretty hardcore.

If you are stupid enough to be affected by a local priv escalation then you should use windows.

your argument is flawed. vmacache.c was fixed by the Torvalds two days prior to the SJW submission and CoC implementation.

The reason RedHat backports patches is to close security problems like this one. My guess is that CentOS won't be vulnerable for very long.

nice, great bait right there. very impressive.

yes

yes. exploit-db.com/exploits/45497/
you need local user access and it takes an hour or four to run depending on the system. have fun

while insightful overall your post has a minor error, this vulnerability was both put in place and patched before the CoC.

Which super safe operating system that supports common software should people use instead, smartass?

>Call me a conspiracy freak all you want
You are a conspiracy freak.

yes.

Who else would shill against Linux so obviously and misleadingly? Microsoft has already admitted they pay people to spread misinformation against their competitors.

>PoC exploit
This is why we need the new CoC, people of color are being exploited in the Linux kernel. This is NOT okay.

Attached: lycqk.png (237x212, 7K)

Literally put on some makeup and grow out that hair and he'd already be passing more then 99% of trannies who are taking hormones and cutting off their dicks to look more feminine.

>the trannies are paid actors by microsoft
mfw

Attached: 1530502.jpg (567x768, 55K)

We had this thread a couple days ago, and 10 comments in it was oh it's nothing.
What changed?
Or is it just more of the old don't let facts ruin good FUD thing?

Attached: 1339550542705.jpg (904x1024, 611K)

What's the alternative?

Exploit requires so much mem it's ineffective on systems < 32 G ram.

>centos
>critical workstations/servers

Only put that shit on servers that will never communicate outside.

>you need local user access
*yawn*

I wonder what safe OS you're posting that from....

The power of opensores in 2018

You don't know how red hat work if you think red hat kernels are the Linux canon kernels.

What's a kernel?

Attached: 1200px-Hurd-logo.svg.png (1200x1200, 41K)

Crunchy carby tendies?

Attached: tenor.gif (498x498, 1.13M)

Noone reads the actual article. You have to have physical access, and even then it takes hours. Also it requires a lot of ram. It's mostly applicable on servers, but it's not that easy to gain physical access to important servers.

very nice bait my friend

Attached: 1537246127327.jpg (255x173, 11K)

Here's your (You).

>poc exploit
>people of color
IT'S THE FUCKING TRANNIES AGAIN

Attached: 93e8676d3a21f6cf9b8d96bbd2a35ab4dd6ef41985d748a5e4f0940459692dcd.gif (400x400, 557K)

are you fucking retarded?
are you implying that gnu hurd doesn't have a kernel?

>imblying

Yes, and the commercial i was referencing was imblying that an ipad isn't just a computer w. a touch screen and smaller hw.

>imblying
my sides!

Attached: 1535728670610s.jpg (125x119, 3K)

>imblyign
>mfw

Attached: eb4.gif (500x500, 1.65M)

Don't be rude! Maybe he has a cold.

Attached: 152.png (671x603, 168K)

proof of concept

2 days ago a link to the article was posted, and it was BTFO in 10 comments.
Solution: wait 48 hours and don't post a link this time. Let the FUDstorm commence.

I use 4.9 + grsec.

Clearly you aren't too sure how they work either.

access.redhat.com/security/cve/cve-2018-17182