Linux Kernel, the main component of the Linux Operating System has a Vulnerability that Allows Local Attackers or any unauthorized person to Escalate Privileges and exploit the system. Vulnerability is the condition or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally.
A security researcher ‘Alexander Popov’ discovered a vulnerability in the Linux kernel that allows an attacker to increase local privileges on a victim’s network. The Attacker first finds the weak points in an organization and then gains access from that system. This defect or vulnerability allows an attacker to potentially steal data, execute administrative commands or install malicious software on operating systems or server applications.
These vulnerabilities got a 7.0 out of 10 for severity by the Common Vulnerability Scoring System. On 5th February, Alexander was able to test an exploit of one of the vulnerabilities on Fedora Server 33 successfully, as notified by the Linux Foundation. Linux Foundation is a non-profit consortium designed to standardize support for the open-source Linux system, and other parties through email.
CVE-2019-18683 in 2019, Exploiting a Linux kernel vulnerability in the V4L2 subsystem, and CVE-2017-2636 in 2017, exploit the race condition in the n_hdlc Linux kernel operator bypassing SMEP are the two other privilege escalation vulnerabilities in Linux kernels that are found by the researchers.
These vulnerabilities are now becoming more and more popular among cybercriminals and security researchers, with more than 25% of newly published Common Vulnerabilities and Exposure (CVE) records this past year containing some component of privilege escalation or remote code execution which is undoubtedly a large figure.
By: Navya Swarap
Campus Ambassador, WCSF