Three serious Linux kernel security holes

CVE-2016-8655, CVE-2016-6480, and CVE-2016-6828

The latest three kernel vulnerabilities are designated CVE-2016-8655, CVE-2016-6480, and CVE-2016-6828. Of these, CVE-2016-8655 is the worst of the bunch. It enables local users, which can include remote users with virtual and cloud-based Linux instances, to crash the system or run arbitrary code as root.

To exploit this, a local user must first be able to create AF_PACKET sockets with CAP_NET_RAW in the network namespace. On many Linux distributions, but not all, an attacker can give themselves this ability by using unprivileged namespaces.

Operating systems that can be attacked by this include most newer versions of Debian, Fedora, Red Hat Enterprise Linux (RHEL) 7, and Ubuntu.

View Full Story