Wednesday, May 18, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Hackers can take over systems by exploiting new vulnerability in Linux kernel

Hackers can take over systems by exploiting new vulnerability in Linux kernel

Exploiting this new kernel vulnerability lets the hackers execute arbitrary code within the kernel and completely compromise the system.

Atalay Kelestemur by Atalay Kelestemur
November 6, 2021
in Cybersecurity
2 min read
0 0
0
Hackers can take over systems by exploiting new vulnerability in Linux kernel
0
SHARES
34
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

Linux is an operating system that has security in mind from its first days. Today Linux may be considered the most secure OS in the market, especially for the web hosting and cloud computing industries. In the last months, Linux had critical security patches. This time security researchers have discovered a heap overflow vulnerability in the Transparent Inter-Process Communication module of the kernel.

  • Related: How to update Linux Kernel without reboot?

Included in all common Linux distributions

Exploiting this vulnerability lets the hackers execute arbitrary code within the kernel and completely compromise the system. The vulnerable TIPC module is included in all common Linux distributions. The good news, the user must load the module to activate the protocol. TIPC enables the nodes in a cluster to communicate efficiently while remaining fault-tolerant. The origin of the flaw is based on the user message type called MSG_CRYPTO which was introduced in September 2020.

The vulnerability was reported and thanks to the cooperation with the Linux Foundation and one of the TIPC managers, the patch was released on October 29th. The patched version has been available in current Linux versions (after 5.15) since October 31st. If you are a TIPC user, check whether your Linux kernel version is between 5.10-rc1 and 5.15. If not, we highly recommend you update it.

Linux security researchers at SentinelOne Labs talked about vulnerability,

“As for the data being overwritten, at first glance it may look like the overflow will have uncontrolled data, since the actual message size used to allocate the heap location is verified. However, a second look at the message validation function shows that it only checks that the message size in the header is within the bounds of the actual packet. That means that an attacker could create a 20-byte packet and set the message size to 10 bytes without failing the check.”

See more Cyber Security News


Tags: SentinelOne
ShareTweetSendShare
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy
Previous Post

Datadog shared Q3 2021 financial results

Next Post

OWC released World’s first Thunderbolt Dual Bay U.2 desktop storage solution

Atalay Kelestemur

Atalay Kelestemur

Atalay Kelestemur is the Editor-in-Chief of Cloud7 News. He was most recently the chief editor of T3. Prior to that, he was the managing editor of BYTE. He also served as software editor in PC World. Atalay Kelestemur has covered the technology industry since 1996, publishing articles in PC Net, IT Pro, Computer World, PC Life, CyberMag, and CIO magazines. Atalay Kelestemur is an information system security professional and his area of expertise includes Linux security, penetration testing, secure software development, malware removal, and computer forensics. Atalay Kelestemur is the author of Pardus 2011, Ubuntu, Windows 8, and Siber Istihbarat (Cyber Intelligence). Atalay graduated with a Bachelor's Degree in Maritime from Istanbul Technical University. He earned a master's degree in political science from Gedik University, where he wrote his thesis on The Importance of Cyber Intelligence on Public Security. Now he is working on his Ph.D. thesis on international trade, covering the cybersecurity threats and countermeasures on the maritime industry.

Related News

Russian attackers target Eurovision 2022

Russian attackers target Eurovision 2022

May 17, 2022 7:03 pm
CISA warned domain controllers not to install May Windows updates

CISA warned domain controllers not to install May Windows updates

May 17, 2022 3:45 pm
Intel firmware has many vulnerabilities; patch them immediately

Intel firmware has many vulnerabilities; patch them immediately

May 17, 2022 2:58 pm
Zyxel patches critical vulnerability

Zyxel patches critical vulnerability

May 17, 2022 12:45 am
Next Post
OWC released Mercury Pro U.2 Dual as World's first Thunderbolt Dual Bay U.2 desktop storage solution

OWC released World's first Thunderbolt Dual Bay U.2 desktop storage solution

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

AlmaLinux OS first stable release is out! Download it now!

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

cPanel Security: 7 steps to secure cPanel

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

Best web hosting service providers

Miss Group acquires Swedish hosting company, Cloudnet

Advertisement

Recent News

  • Miss Group acquires Swedish hosting company, Cloudnet
  • Vulkan 1.3.214 is ready
  • Windows Server 20H2 is about to reach the end-of-service phase
  • WordPress 6.0 Release Candidate 3 is now available
  • Aiven raises $210 million

Our Latest Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic
Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic

by Atalay Kelestemur
November 25, 2021 3:23 am


Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and linux.

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Blockchain

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.