this post was submitted on 03 Nov 2025
207 points (97.7% liked)


This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide.

[–] turdas@suppo.fi 90 points 1 month ago (5 children)

This only affects positively ancient kernels:

From (including) 3.15 Up to (excluding) 5.15.149

From (including) 6.1 Up to (excluding) 6.1.76

From (including) 6.2 Up to (excluding) 6.6.15

From (including) 6.7 Up to (excluding) 6.7.3

fuck my phone running android is vulnerable

[–] unwillingsomnambulist@midwest.social 16 points 1 month ago (3 children)

If I’m not mistaken, RHEL9 and equivalents are on 5.15. That’s a pretty big blast radius.

[–] turdas@suppo.fi 8 points 1 month ago (1 children)

They will probably have a version newer than 5.15.149.

[–] Brosplosion@lemmy.zip 4 points 1 month ago

RHEL is on 5.15 in spirit only. They backport tons of patches to the point that 5.15 modules don't build against it

[–] AliasAKA@lemmy.world 3 points 1 month ago (1 children)

I think RHEL9 uses 5.14 as base

[–] anamethatisnt@sopuli.xyz 4 points 1 month ago (1 children)

Debian Bookworm (Debian 12/oldstable) would be affected then, I think?

[–] turdas@suppo.fi 9 points 1 month ago (1 children)

It looks to be on 6.1.153 currently which is much newer than 6.1.76.
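Added example, not part of any comment in this thread: a check of a kernel release string against the affected ranges quoted above, which also accounts for the backporting point raised about RHEL. The sample release strings and the list of distribution suffixes are constructed assumptions; on Debian, `uname -r` reports the ABI name while the upstream version appears in `uname -v`.

```python
import re

# Affected ranges as quoted in the thread: (first affected, first fixed).
AFFECTED = [
    ((3, 15, 0), (5, 15, 149)),
    ((6, 1, 0), (6, 1, 76)),
    ((6, 2, 0), (6, 6, 15)),
    ((6, 7, 0), (6, 7, 3)),
]

# Suffixes marking a distribution-built kernel (assumed, non-exhaustive list).
DISTRO_MARK = re.compile(r"\.el\d+|\.fc\d+|-amd64|-arm64|-generic|-android")


def parse_release(release):
    """Return (major, minor, patch) from a release string like `uname -r` prints."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(version):
    """True if the version tuple falls inside any quoted range (upper bound excluded)."""
    return any(lo <= version < hi for lo, hi in AFFECTED)


def classify(release):
    """Classify a kernel release string against the quoted ranges."""
    if not in_affected_range(parse_release(release)):
        return "outside-affected-range"
    if DISTRO_MARK.search(release):
        # Vendors backport fixes without bumping the base version, so the
        # number alone cannot confirm exposure: consult the vendor advisory.
        return "check-vendor-advisory"
    return "in-affected-range"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for sample in ["6.1.75", "6.1.153", "5.14.0-570.el9.x86_64", "6.1.0-40-amd64"]:
        print(f"{sample:28} {classify(sample)}")
```
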

[–] BCsven@lemmy.ca 30 points 1 month ago (2 children)

Local attacker? So on your LAN

[–] henfredemars@infosec.pub 26 points 1 month ago (1 children)

You need to be able to run code on the system that has the bug. The bug is in the netfilter component, in how it's managed on that system, not in the actual traffic flows.

[–] BCsven@lemmy.ca 8 points 1 month ago (4 children)

So a non issue unless somebody has physical access to the machine?

[–] who@feddit.org 22 points 1 month ago* (last edited 1 month ago) (1 children)

Unfortunately, it's not that simple, because attacks often involve "exploit chains". In this case, an attacker would use a different vulnerability to gain code execution capability, and then use that capability to exploit this vulnerability.

Update your systems, folks.

[–] bookmeat@lemmynsfw.com 8 points 1 month ago (3 children)

No. They just have to be able to place exploit code onto your machine and have it run.

[–] Evil_Shrubbery@thelemmy.club 4 points 1 month ago

The (ssh) call is coming from inside the 127.0.0.1!!

(Scoot over, I need the keeb.)

[–] Treczoks@lemmy.world 29 points 1 month ago (1 children)

For exploiting a privilege escalation the attacker must be able to run their own code on your machine. If you let them do such things, you already have more than enough security problems in the first place.

[–] okamiueru@lemmy.world 13 points 1 month ago (2 children)

Except for supply chain attacks. You get a foot in the door, and open the rest with impunity

[–] qweertz@programming.dev 18 points 1 month ago (57 children)

And that, kids, is why we are pushing for Rust in the Kernel

[–] onlinepersona@programming.dev 22 points 1 month ago

But... You don't understand, Rust is the devil! If Rust were made the kernel's main language it would be terrible because that would mean change 😭😭😭

[–] Zangoose@lemmy.world 7 points 1 month ago

But then the kernel wouldn't be free! Free as in 'use-after-free'!

(/s in case it wasn't obvious)

[–] ivanafterall@lemmy.world 17 points 1 month ago (2 children)

Feeling pret-ty smug about my Windows 10 machine rn ngl

[–] Frenchgeek@lemmy.ml 19 points 1 month ago

Your Windows 10 machine? Microsoft disagree.

[–] prole@lemmy.blahaj.zone 8 points 1 month ago (4 children)

Lol because Windows has never been exploited

[–] ScoffingLizard@lemmy.dbzer0.com 5 points 1 month ago

I read: Microsoft started to feel threatened and paid black hats to exploit vulnerabilities in wares that people have recently learned are far superior to their goddamned surveillance garbage.
