* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, July 12, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    How you can see new movies early – Yahoo

    Unlock the Secret to Watching New Movies Before Everyone Else!

    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

    Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    How you can see new movies early – Yahoo

    Unlock the Secret to Watching New Movies Before Everyone Else!

    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

    Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

March 30, 2024
in Technology
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching
Share on FacebookShare on Twitter

A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. 

Running the exploit as a normal user on a vulnerable machine will grant you root access to the box, allowing you to do whatever you want on it. This can be used by rogue insiders or malware already on a computer to cause further damage and problems.

This affects Debian, Ubuntu, Red Hat, Fedora, and no doubt other Linux distributions. The flaw finder, known by the handle Notselwyn, issued a highly detailed technical report of the bug this week, and said their exploit had a success rate of 99.4 percent on kernel 6.4.16, for instance.

The vulnerability is tracked as CVE-2024-1086. It is rated 7.8 out of 10 in terms of CVSS severity. It was patched at the end of January, updates have been rolling out since then, and if you haven’t yet upgraded your vulnerable kernel and local privilege escalation (LPE) is a concern, take a closer look at this thing.

“Never had I ever gotten so much joy developing a project, specifically when dropping the first root shell with the bug,” Notselwyn enthused.

The flaw is a double-free bug in the Linux kernel’s netfilter component involving nf_tables. As the US National Vulnerability Database explained:

All of that can lead to a crash or arbitrary code execution in the kernel upon exploitation. Before heading out for the Easter weekend we’d suggest patching first, again if LPE is a critical issue for you, so the only headache that greets you on Monday morning is pain from too much chocolate.

JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

Nvidia’s newborn ChatRTX bot patched for security bugs

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

In their analysis, Notselwyn details the steps needed to drop a universal root shell on nearly all affected Linux kernels using CVE-2024-1086. This includes a particularly interesting method that builds on an earlier Linux kernel universal exploit technique, dubbed Dirty Pagetable, that involves abusing heap-based bugs to manipulate page tables to gain unauthorized control over a system’s memory and thus operation.

The latest method has been called Dirty Pagedirectory, and Notselwyn says it allows unlimited, stable read/write access to all memory pages in a Linux system, which would give an attacker full control over the box: 

Notselwyn has also shared the source code to an exploit PoC, which is “trivial” to run.

Exploiting the bug requires that the unprivileged-user namespaces option be set to access nf_tables, which is enabled by default on Debian, Ubuntu, and other major distributions. An attacker would then need to trigger a double-free, scan the physical memory for the kernel base address, bypassing KASLR, and then access the modprobe_path kernel variable with read/write privileges.

After overwriting the modprobe_path, the exploit starts a root shell, and then it’s game over. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2024/03/29/linux_kernel_flaw/

Tags: Easy-to-usemake-me-roottechnology
Previous Post

IPL 2024: Why Nicholas Pooran Replaced KL Rahul At Toss For LSG vs PBKS Clash?

Next Post

Malicious SSH backdoor sneaks into xz, Linux world’s data compression library

Seattle Seahawks boost Alaskan high school flag football with training camp – Alaska’s News Source

Seattle Seahawks Elevate Alaskan High School Flag Football with Exciting Training Camp

July 12, 2025
Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

July 12, 2025
New, non-profit in Baldwin County aims at helping fund forensic science related investigations – fox10tv.com

New, non-profit in Baldwin County aims at helping fund forensic science related investigations – fox10tv.com

July 12, 2025
Major Gifts Transform Marine Science at William & Mary and VIMS – Virginia Living

Transformative Major Gifts Propel Marine Science Breakthroughs at William & Mary and VIMS

July 12, 2025
CatanaGroup Launches SEATY: A New Floating Lifestyle Concept – Cruising World Magazine

CatanaGroup Unveils SEATY: Dive Into the Ultimate Floating Lifestyle Experience

July 12, 2025
Readers, we need your help picking the best high school football team – Tulsa World

Vote Now for the Ultimate High School Football Champion!

July 12, 2025
An economy in India lifted by women – The Christian Science Monitor

An economy in India lifted by women – The Christian Science Monitor

July 12, 2025
How you can see new movies early – Yahoo

Unlock the Secret to Watching New Movies Before Everyone Else!

July 12, 2025
Why it’s a rough time to be a health insurer – Axios

Why it’s a rough time to be a health insurer – Axios

July 12, 2025
State Department is firing more than 1,300 staff on Friday – CNN

Over 1,300 State Department Employees Face Layoffs This Friday

July 12, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (717)
  • Economy (740)
  • Entertainment (21,627)
  • General (15,848)
  • Health (9,777)
  • Lifestyle (747)
  • News (22,149)
  • People (742)
  • Politics (750)
  • Science (15,958)
  • Sports (21,239)
  • Technology (15,724)
  • World (723)

Recent News

Seattle Seahawks boost Alaskan high school flag football with training camp – Alaska’s News Source

Seattle Seahawks Elevate Alaskan High School Flag Football with Exciting Training Camp

July 12, 2025
Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

July 12, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version