The Linux Kernel Had Many Vulnerabilities Last Year

Written by Michael Larabel in Linux Kernel on 19 January 2016 at 01:06 PM EST. 1 Comment
LINUX KERNEL
While today's 0-day local privilege escalation bug is making the news rounds on the Internet, there were many other security vulnerabilities discovered within the Linux kernel last year -- many of which didn't receive as much attention and some of them are even yet to be resolved.

In light of today's news is a new kernel mailing list thread about 2015 CVEs for the Linux kernel. There were 75 CVEs issued for the Linux kernel last year, five of the CVEs have yet to be patched, and one of the CVEs is still private.

CVE-2015-8575 is the one still private that also hasn't been patched yet. The only details on that one are related to net/bluetooth. The other yet to be resolved CVEs deal with the file-system, ptrace, and KVM code. In terms of the CVEs for the Linux kernel from last year, Dan Carpenter explained in his post:
There was only a coupls CVEs that looks like they came from a filesystem fuzzer where you create a corrupt filesystems and then try use them. There was only one that might have come from a USB fuzzer. We probably should be testing those things better.

There was one CVE from Smatch. Smatch has improved, inspired by the ozwpan bugs and hopefully could catch most of those bounds errors now.

Quite a few bugs were found using the Trinity fuzzer. Also the new syzkaller fuzzer seems to have found a bunch of stuff. Good work. I think people are using the fuzzers with kasan as well which is a fantastic tool.

Many of the use-after-free and unintialized data bugs would be less harmful if we had some kernel hardenning patches.

A lot of the bugs are just really complicated things with funny corner cases, namespace issues or people just made mistake in the logic and it's hard to do anything about it.
1 Comment
Related News
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
Linux 6.10 SLUB Optimization To Reduce Memory Consumption In Extreme Scenarios
Linux 6.8.5 & Other Stable Kernel Updates Due To Native BHI Vulnerability
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Open-Source Radeon Driver Enables Support For Vulkan Video H.264/H.265 Encode
Ubuntu 24.04 Beta Now Available For Testing