A nasty local kernel vulnerability

Over the weekend, the networking tree accepted a fix for an out-of-bounds access error that appears to be exploitable by an unprivileged local user to gain root access. Even worse, there are indications that this bug (which affects kernels from 3.3 onward) has been known about since mid-2012; exploits exist in the wild. No distributor updates exist as of this writing; presumably they will not be long in coming.

[Update February 27: Distributions have started putting out updates for the vulnerability.]

Comments (68 posted)