
Linux: Vulnerabilities in nf_tables cause privilege escalation, information leak

294 points by pdenton, about 3 years ago

16 comments

kafkaIncarnate, about 3 years ago
https://nvd.nist.gov/vuln/detail/CVE-2022-1015

https://nvd.nist.gov/vuln/detail/CVE-2022-1016

https://access.redhat.com/security/cve/CVE-2022-1015

https://access.redhat.com/security/cve/CVE-2022-1016

https://ubuntu.com/security/CVE-2022-1015

https://ubuntu.com/security/CVE-2022-1016

https://security-tracker.debian.org/tracker/CVE-2022-1015

https://security-tracker.debian.org/tracker/CVE-2022-1016

I just spent the whole weekend patching whatever the last kernel vuln was and had to plan around like 20 people's schedules. I thought Meltdown/Spectre was bad, this year is already feeling like that year in repeat.

15 years as a sysadmin, anyone have suggestions for my next career move? Thanks.
StillBored, about 3 years ago
It's yet another int overflow bug too. Something like a kernel should probably be built with saturating arithmetic rather than the stupid C overflow behavior.
egberts1, about 3 years ago
There are over 1.412 nodes in the nftables syntax tree (as of 2019).

I know. I wrote a Vim syntax highlighter for nftables.

And it is still failing.

Just imagine how much untested surface area is that for the `nft` CLI.

My work: https://egbert.net/blog/tags/vim.html
stormbrew, about 3 years ago
Yet another CLONE_NEWUSER and fly away to victory privilege escalation. Really seems like enabling that was premature.
woodruffw, about 3 years ago
Exploitable uninitialized stack variables in 2022! Remarkable.
eptcyka, about 3 years ago
I don't understand, does this lead to privilege escalation by parsing a crafted netfilter rule? I am under the impression that I need NET_CAP_ADMIN or root privs to do this on my machines to load said rule anyway, right? So this affects deployments where regular users are able to send netfilter rules to the kernel, right?
throwaway71271, about 3 years ago
You can't have privilege escalation if everyone is root, modern problems require modern solutions.
rvz, about 3 years ago
Out of bounds access, uninitialized stack data with an extremely weak language that doesn't check any of that and happily compiles that hidden footgun gives you an escalation of privileges vulnerability.

Perhaps Rust would have prevented this in the first place. But the entirety of Linux and the ancient UNIX philosophy is a giant labyrinth full of cobwebs riddled with hidden traps, landmines and trip-wires beyond exploring.

Must be the world's largest and endless minesweeper game discovering all those C style vulnerabilities in the Linux kernel.
bckr, about 3 years ago
As an early career developer I feel helpless with the vast world of cyber security looming all around me, and not that many people thinking very much about it.

It feels kind of like COVID in 2022. Obviously everywhere. Probably not going to hurt me? Could end my career.
hej_ewe, about 3 years ago
Is this something that only affects linux servers, or are desktop users affected as well? Apologies if this question is too noob-ish.
MayeulC, about 3 years ago
This is what I gathered from looking around:

1016 comes from an uninitialized value. 1015 is an int8 overflow and out-of-bounds access. Both are C footguns (though not exclusive to C). The latter arguably might not have happened under a stable/specified ABI.

1015:

  Introduced in 5.12
  Fixed in 6e1acfa387b9, 2022-03-17
  In LTS, fixed in 5.10.109 and 5.15.32
  Also, in 5.16.18 and 5.17.1

1016:

  Introduced in v3.13-rc1
  Fixed in 4c905f6740a3, 2022-03-17
  Fixed in same point releases as above, plus 5.10.109
  Doesn't look fixed in older LTSes yet
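
An added example, not part of MayeulC's comment or of any project named in the thread: a checker that classifies an upstream kernel release against the introduction and fix points listed in the comment above. The function names, the status labels and the assumption that 5.18 and later ship with the fixes are this example's own; distribution kernels backport fixes without changing the upstream version number, so for those the vendor trackers linked in the first comment are authoritative.

```python
import re

# Upstream point release that carries the fixes, per stable series (from the comment above).
FIXED_IN = {(5, 10): 109, (5, 15): 32, (5, 16): 18, (5, 17): 1}
# First affected upstream series per CVE (from the comment above; v3.13-rc1 -> 3.13).
INTRODUCED = {"CVE-2022-1015": (5, 12), "CVE-2022-1016": (3, 13)}
# Assumption: every series after 5.17 shipped with the 2022-03-17 fixes included.
FIRST_FIXED_SERIES = (5, 18)


def parse_release(release):
    """Turn a `uname -r` style string, e.g. '5.15.31-custom', into (5, 15, 31)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def status(release, cve):
    """Classify an upstream release for one CVE using only the thread's data."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series >= FIRST_FIXED_SERIES:
        return "fixed"
    if series in FIXED_IN:
        # A series with a listed fix release is treated as affected below it,
        # which is why 5.10.x counts for CVE-2022-1015 despite "introduced in 5.12".
        return "fixed" if patch >= FIXED_IN[series] else "vulnerable"
    if series < INTRODUCED[cve]:
        return "not-affected"
    # Affected series with no fixed point release named in the thread
    # (5.12 to 5.14, and older LTS series for CVE-2022-1016).
    return "vulnerable-no-fix-listed"


def report(release):
    """Status for both CVEs, keyed by CVE id."""
    return {cve: status(release, cve) for cve in INTRODUCED}


if __name__ == "__main__":
    # Constructed sample releases, not taken from any real host.
    for sample in ("5.4.180", "5.10.108", "5.15.32", "5.13.19", "5.17.0", "6.1.0"):
        print(sample, report(sample))
```
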
tedunangst, about 3 years ago
What's the practical exposure to CLONE_NEWUSER | CLONE_NEWNET?
TruthWillHurt, about 3 years ago
I'm going back to kernel 2.6.
cout, about 3 years ago
Is this remotely exploitable or is it only a local vulnerability?
KSPAtlas, about 3 years ago
Makes sense for a program which uses the command nft /s
encryptluks2, about 3 years ago
Here comes the Rust people saying... should build everything in Rust it will fix all your problems and solve world hunger.