The Linux Kernel Had Many Vulnerabilities Last Year
While today's 0-day local privilege escalation bug is making the news rounds on the Internet, there were many other security vulnerabilities discovered within the Linux kernel last year -- many of which didn't receive as much attention, and some of which have yet to be resolved.
Relevant to today's news is a new kernel mailing list thread about the 2015 CVEs for the Linux kernel. There were 75 CVEs issued for the Linux kernel last year; five of them have yet to be patched, and one is still private.
CVE-2015-8575 is the one still private that also hasn't been patched yet. The only details on that one are related to net/bluetooth. The other yet to be resolved CVEs deal with the file-system, ptrace, and KVM code. In terms of the CVEs for the Linux kernel from last year, Dan Carpenter explained in his post:
There were only a couple of CVEs that look like they came from a filesystem fuzzer where you create a corrupt filesystem and then try to use it. There was only one that might have come from a USB fuzzer. We probably should be testing those things better.
There was one CVE from Smatch. Smatch has improved, inspired by the ozwpan bugs, and hopefully could catch most of those bounds errors now.
Quite a few bugs were found using the Trinity fuzzer. Also the new syzkaller fuzzer seems to have found a bunch of stuff. Good work. I think people are using the fuzzers with kasan as well which is a fantastic tool.
Many of the use-after-free and uninitialized data bugs would be less harmful if we had some kernel hardening patches.
A lot of the bugs are just really complicated things with funny corner cases, namespace issues, or people just made a mistake in the logic and it's hard to do anything about it.