>A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8.
>Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to use-after-free vulnerability, which if exploited, could allow an attacker to gain root privileges on the targeted system.
I have a feeling Google did a big research into linux kernel security, pached kernels on all their machines now they release one major vulnerability each quarter to pin their competition in constant kernel upgrades of whole datacenters. Those can take considerable effort and slow down progress of many SRE teams across the industry. You know once is happenstance, twice is coincidence, three times...
Isn't he the same guy who discovered spectre and meltdown?
Luis Roberts
when your breath stank of their cum faggot
David Brooks
Lemme tell you this, Jow Forums. There's been a new vulnerability and exploit already since the "CoC" has been set into place. The SJW stuff? Bullshit. They're most likely paid actors from presumably Microsoft (Since, you know, Microsoft (((loves))) Linux). They used the today's "socially accepting" trend to overthrow Linus and to take over the kernel, which was extremely easy to do, since, you know, this social justice trend is everywhere and if you disagree with it you'd be blamed to death by the media. After that, they proceeded to cram it full with vulnerabilities. Call me a conspiracy freak all you want, but there's definitely something fishy behind this.
is microsoft the new boogeyman? it is so difficult to keep up with the mentally ill, every week a new threat.
Wyatt James
They went back in time to put vulnerabilities in the kernel? That's pretty hardcore.
Nolan Rodriguez
If you are stupid enough to be affected by a local priv escalation then you should use windows.
Thomas Hernandez
your argument is flawed. vmacache.c was fixed by the Torvalds two days prior to the SJW submission and CoC implementation.
The reason RedHat backports patches is to close security problems like this one. My guess is that CentOS won't be vulnerable for very long.
nice, great bait right there. very impressive.
yes
yes. exploit-db.com/exploits/45497/ you need local user access and it takes an hour or four to run depending on the system. have fun
while insightful overall your post has a minor error, this vulnerability was both put in place and patched before the CoC.
Zachary Jones
Which super safe operating system that supports common software should people use instead, smartass?
Nathan Johnson
>Call me a conspiracy freak all you want You are a conspiracy freak.
Brody Peterson
yes.
Carter Foster
Who else would shill against Linux so obviously and misleadingly? Microsoft has already admitted they pay people to spread misinformation against their competitors.
Ethan Green
>PoC exploit This is why we need the new CoC, people of color are being exploited in the Linux kernel. This is NOT okay.
Literally put on some makeup and grow out that hair and he'd already be passing more then 99% of trannies who are taking hormones and cutting off their dicks to look more feminine.
We had this thread a couple days ago, and 10 comments in it was oh it's nothing. What changed? Or is it just more of the old don't let facts ruin good FUD thing?
Noone reads the actual article. You have to have physical access, and even then it takes hours. Also it requires a lot of ram. It's mostly applicable on servers, but it's not that easy to gain physical access to important servers.
2 days ago a link to the article was posted, and it was BTFO in 10 comments. Solution: wait 48 hours and don't post a link this time. Let the FUDstorm commence.