Another nasty Linux kernel bug surfaces

A significant new long-standing flaw in the Linux kernel was discovered this week just as Google pushed out an awaited update for Android to kill the Dirty COW vulnerability.

The Dirty copy-on-write (COW) flaw was discovered in October as being under active exploit, likely since 2007. 

The exploit takes advantage of a bug in the COW performance optimisation feature to allow local, unprivileged users to bypass permission settings and modify binaries stored on disk. It affects all existing Linux kernels.

A patch was committed to the Linux kernel source tree at the time, and Red Hat engineer Petr Matousek posted mitigation measures.

However, Google opted against patching the flaw in its November collection of security updates despite Dirty COW affecting every version of Android.

At the time it said it had no indication that the flaw had been exploited on Android, and so would hold off on patching the flaw until December. Virtualisation VMware took the opposite approach and issued patches against Dirty COW the following day.

In its December security patch bundle issued today, Google released an update for Android that closes the Dirty COW vulnerability.

But as the Dirty COW hole was plugged, another major vulnerability in the Linux kernel has surfaced.

The CVE-2016-8655 privilege escalation flaw,  published on Tuesday, allows attackers to gain a root shell and full access to the server by exploiting a race condition in the “net/packet/af_packet.c” part of the Linux kernel.

It has been in existence since 2011. A patch has already been issued for the Linux kernel.

The researcher who discovered the flaw, Philip Pettersson, released code for a proof-of-concept exploit that works on Ubuntu 16.04 x86_64 and "some 14.04 kernels".

Petterson said the exploit "should work for any [Linux] distro with unprivileged user namespace support" with kernel version 4.4.