Tuesday, December 3, 2024
HomeCVE/vulnerabilityLinux kernel Bug Let Attackers Insert Malicious Code Into The Kernel Address...

Linux kernel Bug Let Attackers Insert Malicious Code Into The Kernel Address Space

Published on

SIEM as a Service

The cybersecurity researchers have detected that the Linux kernel bug is allowing the threat actors to implement some malicious code into the kernel address space.

Linux uses ASLR for user-space programs for a long time, ASLR Address-space layout randomization is generally used for its very famous method to make exploits more difficult by putting various objects at random.

However, the experts have outlined some key details regarding this malicious code, and that’s why they have started looking for the patches so that they can circumvent such an unwanted situation.

- Advertisement - SIEM as a Service

Attacks

This is not the first time when Kernel gets attacked, as it has been attacked by various threat actors and with different methods. To attack Kernel, the initial thing for an attacker is to find if it has any kind of bug in the system or not.

If the attacker finds any bug in the kernel code, then they can use it to insert different malicious code into the kernel address space by using several methods and redirect the kernel’s execution to that code.

Randomizing the location of Kernel

After investigating the procedure, the security analysts came to know that ASLR (KASLR) is currently randomized where the kernel code is placed at boot time. 

However, the researchers affirmed that using KASLR is quite beneficial for the threat actors, as it has a one-sided effect that moves the interrupt descriptor table (IDT) far away from the other kernel to a location that is present in the read-only memory. 

Basically, ASLR  is a “statistical defense,” and here the brute force techniques can be used to overcome such situations. A situation where it has been described that in the case of 1000 location, brute force will find it once and fail 999 times.

Accomplishment

Among all the malicious code, KASLR is one of the most minor problematic codes that the experts came across. However, cybersecurity researchers have claimed that there are a few steps that will help the user to bypass such a situation.

Some steps are to be taken to protect the data from getting leaked; later it can be used to identify where the kernel was loaded. 

Moreover, the kptr_restrict sysctl should be allowed so that the kernel pointers should not get leaked to a userspace. The patches that have been mentioned by the analysts are currently only for 64-bit x86.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

HPE IceWall Flaw Let Attackers cause Unauthorized Data Modification

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability...