This issue affects only 64-bit systems where io_uring is used. An attacker who has the ability to execute code in kernel mode could use this flaw to access information out of the intended address space.

A race condition flaw was found in the Linux kernel’s rcu sub-system that could allow an excessive number of rcu grace periods to be executed. An attacker who could make rcu grace periods recur frequently on a given rcu slot could potentially cause a denial-of-service condition on the system.
It is recommended to upgrade to the latest stable version: Linux kernel version 4.18.6

Linux distributions that have started to provide security updates for the above-mentioned vulnerabilities:
Debian 9 (Stretch) – released on June 9, 2018
Red Hat Enterprise Linux 7 – released on June 8, 2018
CentOS 7 – released on May 10, 2018
Ubuntu 18.04 – released on April 26, 2018

The main reason kernel vulnerabilities are discovered is a lack of input validation. There are various ways to find and exploit such vulnerabilities, including fuzzing, reverse engineering, and publicly available exploit code. Another reason kernel vulnerabilities are discovered is a lack of testing. Various types of testing, such as code coverage, static code analysis, and unit testing, can be done to find and eliminate vulnerabilities.

What is a kernel vulnerability?

A kernel vulnerability is a flaw in the Linux kernel that attackers can leverage to compromise the host machine.

How to find vulnerable code in Linux?

Several methods can be used to find vulnerable code in Linux: fuzzing, reverse engineering, and publicly available exploit code. Kernel vulnerabilities are also discovered because the code was not tested enough; various types of testing can be done to find vulnerabilities within the kernel, including code coverage, static code analysis, and unit testing.

Code Coverage

Code coverage measures how much of the code has been executed in a given environment. It is important that all parts of the code are tested, so that every function is known to have been executed.
Code coverage tests are useful for finding code areas not covered by unit tests and for obtaining an overall percentage that shows how much of the code base remains untested and may therefore still contain bugs.
The most common form of code coverage is line-based coverage, which indicates which lines of code were executed during testing.
There are other forms of code coverage as well, such as branch-based or function-based coverage.

How to detect and prevent kernel vulnerabilities?

There are various ways to detect and prevent kernel vulnerabilities. They can be found using static code analysis tools such as Coverity, Detexify, and SAST. Reverse-engineering tools such as rasm2, radare2, and CFIQuery can also be used to find vulnerabilities in the kernel.
To reduce the risk of kernel vulnerabilities being introduced, it is recommended that developers use source code review tools like Gerrit or GitLab to check for potential vulnerabilities during development. Another way is to run static code analysis tools during the build process. This identifies code that does not conform to best practices so that it can be fixed before being included in the software product release.

Timeline

Published on: 08/31/2022 16:15:00 UTC
Last modified on: 09/06/2022 19:43:00 UTC