Sunday, July 14, 2024
EHA

Linux kernel Bug Let Attackers Insert Malicious Code Into The Kernel Address Space

The cybersecurity researchers have detected that the Linux kernel bug is allowing the threat actors to implement some malicious code into the kernel address space.

Linux uses ASLR for user-space programs for a long time, ASLR Address-space layout randomization is generally used for its very famous method to make exploits more difficult by putting various objects at random.

However, the experts have outlined some key details regarding this malicious code, and that’s why they have started looking for the patches so that they can circumvent such an unwanted situation.

Attacks

This is not the first time when Kernel gets attacked, as it has been attacked by various threat actors and with different methods. To attack Kernel, the initial thing for an attacker is to find if it has any kind of bug in the system or not.

If the attacker finds any bug in the kernel code, then they can use it to insert different malicious code into the kernel address space by using several methods and redirect the kernel’s execution to that code.

Randomizing the location of Kernel

After investigating the procedure, the security analysts came to know that ASLR (KASLR) is currently randomized where the kernel code is placed at boot time. 

However, the researchers affirmed that using KASLR is quite beneficial for the threat actors, as it has a one-sided effect that moves the interrupt descriptor table (IDT) far away from the other kernel to a location that is present in the read-only memory. 

Basically, ASLR  is a “statistical defense,” and here the brute force techniques can be used to overcome such situations. A situation where it has been described that in the case of 1000 location, brute force will find it once and fail 999 times.

Accomplishment

Among all the malicious code, KASLR is one of the most minor problematic codes that the experts came across. However, cybersecurity researchers have claimed that there are a few steps that will help the user to bypass such a situation.

Some steps are to be taken to protect the data from getting leaked; later it can be used to identify where the kernel was loaded. 

Moreover, the kptr_restrict sysctl should be allowed so that the kernel pointers should not get leaked to a userspace. The patches that have been mentioned by the analysts are currently only for 64-bit x86.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles