5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered


A serious 5-year-old privilege-escalation vulnerability has been discovered in the Linux kernel that affects almost every distribution of the Linux operating system, including Red Hat and Ubuntu.

Just over a month ago, a nine-year-old privilege-escalation vulnerability, dubbed "[Dirty COW](<https://thehackernews.com/2016/10/linux-kernel-exploit.html>)," was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu.

Now, another Linux kernel vulnerability ([CVE-2016-8655](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655>)) that dates back to 2011 and was [disclosed](<http://seclists.org/oss-sec/2016/q4/607>) today could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel.

Philip Pettersson, the researcher who discovered the flaw, was able to create an [exploit to gain a root shell](<https://www.exploit-db.com/exploits/40871/>) on an Ubuntu 16.04 LTS system (Linux kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution.

In other words, a local unprivileged attacker can use this flaw to cause a denial of service (crashing the server) or run arbitrary malicious code with administrative privileges on the targeted system.
> "_A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer_," Red Hat's [security advisory](<https://access.redhat.com/security/cve/cve-2016-8655>) explains. "_A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system._"

This flaw puts service providers at risk of having their servers crashed or compromised.

> "_On Android, processes with gid=3004/AID_NET_RAW are able to create AF_PACKET sockets (mediaserver) and can trigger the bug,_" Pettersson explains.

The vulnerability was patched in the mainline kernel last week, so users are advised to update their Linux distribution as soon as possible.
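The advisory quoted above names the one precondition a defender can actually measure: the flaw is reachable only by a user who can open a raw AF_PACKET socket (CAP_NET_RAW). The script below is an added host-side check, written for this page and not taken from the article, the Red Hat advisory, or Pettersson's work. It reports whether the current user (run it as an ordinary, unprivileged account) can open such a socket, and whether the running kernel is older than the release in which your distribution shipped the fix. The article gives no fixed version number, so `FIXED_RELEASE` is a placeholder the reader supplies; the kernel-version strings in the comments are constructed samples.

```python
"""Precondition check for CVE-2016-8655 on the local host (added example).

Two questions a defender wants answered per host:
  1. Can the current user open a raw AF_PACKET socket?  (The advisory says
     only such users can reach the bug.)
  2. Is the running kernel older than the release that carries the fix?
     The fixed release is NOT given in the article, so it is a placeholder
     supplied by the caller / environment (FIXED_RELEASE).
"""
import os
import platform
import re
import socket
from typing import Optional, Tuple


def parse_kernel_version(release: str) -> Tuple[int, ...]:
    """Turn a release string like '4.4.0-53-generic' (constructed sample)
    into a comparable tuple (4, 4, 0). A missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def kernel_is_older_than(release: str, fixed: str) -> bool:
    """True when `release` sorts before `fixed` by major.minor.patch."""
    return parse_kernel_version(release) < parse_kernel_version(fixed)


def can_open_raw_packet_socket() -> Optional[bool]:
    """Attempt to open (and immediately close) an AF_PACKET raw socket as the
    current user. Returns True/False, or None where AF_PACKET does not exist
    (non-Linux platforms), so the caller can tell 'untestable' from 'denied'."""
    if not hasattr(socket, "AF_PACKET"):
        return None
    try:
        s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
    except PermissionError:
        # No CAP_NET_RAW: this user cannot reach the affected code path.
        return False
    s.close()
    return True


def assess(release: str, fixed: str, raw_ok: Optional[bool]) -> str:
    """Fold both findings into a single verdict line for a host report."""
    if not kernel_is_older_than(release, fixed):
        return "kernel at or above the fixed release: not affected"
    if raw_ok is None:
        return "kernel below the fixed release; AF_PACKET not available to test here"
    if raw_ok:
        return ("kernel below the fixed release AND this user can open raw "
                "packet sockets: patch now")
    return ("kernel below the fixed release, but this user cannot open raw "
            "packet sockets (still schedule the patch)")


if __name__ == "__main__":
    # Placeholder: set FIXED_RELEASE to the kernel release in which your
    # distribution shipped the CVE-2016-8655 fix, e.g. FIXED_RELEASE=x.y.z.
    FIXED_RELEASE = os.environ.get("FIXED_RELEASE", "0.0.0")
    running = platform.release()
    print(f"uid={os.getuid()} kernel={running} fixed_release={FIXED_RELEASE}")
    print(assess(running, FIXED_RELEASE, can_open_raw_packet_socket()))
```

Run it twice: once as root (where the socket call will naturally succeed) and once as a normal user. A "patch now" verdict from the unprivileged run is the finding worth escalating; a "cannot open raw packet sockets" result narrows exposure but is not a substitute for the kernel update the article recommends.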