* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, June 21, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Tech Champions with Leo Bletnitsky of Healthy Technology Solutions – Buzz Media Group

    Meet Tech Champion Leo Bletnitsky of Healthy Technology Solutions

    Crypto’s true revolution is about humanity, not technology – Cointelegraph

    Crypto’s Real Revolution: Transforming Humanity Beyond Technology

    $1 Billion Problem: New Technology Could Save Your Daily Cup of Coffee – SciTechDaily

    The $1 Billion Challenge: How New Technology Could Rescue Your Daily Cup of Coffee

    Canada’s construction industry gets serious about investing in technology as pressure mounts to do more with less – Yahoo Finance

    Canada’s Construction Industry Accelerates Tech Investments to Overcome Growing Challenges and Boost Efficiency

    Workforce Technology Eases Staffing Shortages in Rural Health Care – AJMC

    Workforce Technology Eases Staffing Shortages in Rural Health Care – AJMC

    Get the lead out: Putting new at-home lead testing technology to the test | Denver7 Investigates – Denver7

    Putting the Latest At-Home Lead Testing Technology to the Ultimate Test

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Tech Champions with Leo Bletnitsky of Healthy Technology Solutions – Buzz Media Group

    Meet Tech Champion Leo Bletnitsky of Healthy Technology Solutions

    Crypto’s true revolution is about humanity, not technology – Cointelegraph

    Crypto’s Real Revolution: Transforming Humanity Beyond Technology

    $1 Billion Problem: New Technology Could Save Your Daily Cup of Coffee – SciTechDaily

    The $1 Billion Challenge: How New Technology Could Rescue Your Daily Cup of Coffee

    Canada’s construction industry gets serious about investing in technology as pressure mounts to do more with less – Yahoo Finance

    Canada’s Construction Industry Accelerates Tech Investments to Overcome Growing Challenges and Boost Efficiency

    Workforce Technology Eases Staffing Shortages in Rural Health Care – AJMC

    Workforce Technology Eases Staffing Shortages in Rural Health Care – AJMC

    Get the lead out: Putting new at-home lead testing technology to the test | Denver7 Investigates – Denver7

    Putting the Latest At-Home Lead Testing Technology to the Ultimate Test

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

March 30, 2024
in Technology
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching
Share on FacebookShare on Twitter

A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. 

Running the exploit as a normal user on a vulnerable machine will grant you root access to the box, allowing you to do whatever you want on it. This can be used by rogue insiders or malware already on a computer to cause further damage and problems.

This affects Debian, Ubuntu, Red Hat, Fedora, and no doubt other Linux distributions. The flaw finder, known by the handle Notselwyn, issued a highly detailed technical report of the bug this week, and said their exploit had a success rate of 99.4 percent on kernel 6.4.16, for instance.

The vulnerability is tracked as CVE-2024-1086. It is rated 7.8 out of 10 in terms of CVSS severity. It was patched at the end of January, updates have been rolling out since then, and if you haven’t yet upgraded your vulnerable kernel and local privilege escalation (LPE) is a concern, take a closer look at this thing.

“Never had I ever gotten so much joy developing a project, specifically when dropping the first root shell with the bug,” Notselwyn enthused.

The flaw is a double-free bug in the Linux kernel’s netfilter component involving nf_tables. As the US National Vulnerability Database explained:

All of that can lead to a crash or arbitrary code execution in the kernel upon exploitation. Before heading out for the Easter weekend we’d suggest patching first, again if LPE is a critical issue for you, so the only headache that greets you on Monday morning is pain from too much chocolate.

JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

Nvidia’s newborn ChatRTX bot patched for security bugs

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

In their analysis, Notselwyn details the steps needed to drop a universal root shell on nearly all affected Linux kernels using CVE-2024-1086. This includes a particularly interesting method that builds on an earlier Linux kernel universal exploit technique, dubbed Dirty Pagetable, that involves abusing heap-based bugs to manipulate page tables to gain unauthorized control over a system’s memory and thus operation.

The latest method has been called Dirty Pagedirectory, and Notselwyn says it allows unlimited, stable read/write access to all memory pages in a Linux system, which would give an attacker full control over the box: 

Notselwyn has also shared the source code to an exploit PoC, which is “trivial” to run.

Exploiting the bug requires that the unprivileged-user namespaces option be set to access nf_tables, which is enabled by default on Debian, Ubuntu, and other major distributions. An attacker would then need to trigger a double-free, scan the physical memory for the kernel base address, bypassing KASLR, and then access the modprobe_path kernel variable with read/write privileges.

After overwriting the modprobe_path, the exploit starts a root shell, and then it’s game over. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2024/03/29/linux_kernel_flaw/

Tags: Easy-to-usemake-me-roottechnology
Previous Post

IPL 2024: Why Nicholas Pooran Replaced KL Rahul At Toss For LSG vs PBKS Clash?

Next Post

Malicious SSH backdoor sneaks into xz, Linux world’s data compression library

When Technology Meets Ecology: Charting a Bold Path for Our Planet’s Future

June 21, 2025
‘Jaws’ at 50: Scientists Are Still Studying the Mysteries of Sharks – The New York Times

Jaws at 50: Exploring the Timeless Mysteries of Sharks

June 21, 2025
A Cracked Piece of Metal Self-Healed in Experiment That Stunned Scientists – ScienceAlert

Self-Healing Metal: The Revolutionary Experiment That Amazed Scientists

June 21, 2025
How leading Bollywood actresses are adopting one transformative lifestyle shift – Times of India

How Leading Bollywood Actresses Are Fearlessly Embracing a Bold New Lifestyle Transformation

June 21, 2025
Muskego mom breaks world record in planking – WISN

Muskego mom breaks world record in planking – WISN

June 21, 2025
Russian Minister Warns of Recession as Officials Spar on Economy – Bloomberg

Russian Minister Issues Recession Warning Amid Heated Economic Debate

June 21, 2025
Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

June 21, 2025
Breakfast key to meeting daily fiber needs amid American ‘health crisis’ – Fox News

How Breakfast Can Help You Crush Your Daily Fiber Goals During America’s Health Crisis

June 21, 2025
A Senator Who Was on a Hit List Fears the Fueling of Political Violence – The New York Times

Senator on Hit List Sounds Alarm Over Escalating Political Violence

June 21, 2025
Should You Buy Micron Technology Stock Before June 25? – The Motley Fool

Is Now the Perfect Moment to Invest in Micron Technology Before June 25?

June 21, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (696)
  • Economy (710)
  • Entertainment (21,611)
  • General (15,499)
  • Health (9,751)
  • Lifestyle (715)
  • News (22,149)
  • People (713)
  • Politics (717)
  • Science (15,930)
  • Sports (21,206)
  • Technology (15,695)
  • World (690)

Recent News

When Technology Meets Ecology: Charting a Bold Path for Our Planet’s Future

June 21, 2025
‘Jaws’ at 50: Scientists Are Still Studying the Mysteries of Sharks – The New York Times

Jaws at 50: Exploring the Timeless Mysteries of Sharks

June 21, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version