Nasty Linux kernel bug found and fixed

Post by JoeFootball »

Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Re: Nasty Linux kernel bug found and fixed

Post by Schultz »

This line from the linked article caught my eye:
This security hole was introduced back on Feb 28, 2019, in the Linux 5.1-rc1 kernel. It's now present in all Linux kernels. Yes, all of them.
So it's present in older kernels as well, i.e., 4.x kernels, etc.?

Re: Nasty Linux kernel bug found and fixed

Post by JoeFootball »

Schultz wrote: So it's present in older kernels as well, i.e., 4.x kernels, etc.?
I see what you're saying by the author's wording, but I'm only seeing recent updates for 5.4.x, 5.11.x, and 5.13.x. The last update for 4.15.x was back on 2022-01-06.

Re: Nasty Linux kernel bug found and fixed

Post by t42 »

Good article by Steven, but he forgot to say that after sudo sysctl -w kernel.unprivileged_userns_clone=0 a reboot is necessary, as processes that are already running in a user namespace will stay.
Still, it is another malicious local user vulnerability, though real. But nothing new; it is clear from the 2016 lwn article https://lwn.net/Articles/673597/ that the security of user namespaces was doubtful from the beginning. I thought that on Debian handling of user namespaces by non-privileged processes is disabled by default but, surprise, writing this on sid I've got

cat  /proc/sys/kernel/unprivileged_userns_clone
1
Edit: There is no problem in LMDE4:
/proc/sys/kernel/unprivileged_userns_clone = 0
-=t42=-
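
Added example, not part of t42's post or the linked article: a shell audit, meant to be run as root, for the point above that flipping the sysctl leaves processes that are already inside a user namespace in place. It reads the toggle and lists PIDs whose user namespace differs from PID 1's; the function names and the `PROC_ROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example; function names and PROC_ROOT are hypothetical.
# PROC_ROOT lets the logic run against a constructed tree instead of /proc.

# Print the Debian/Ubuntu toggle value, or "absent" if the kernel lacks it.
userns_clone_setting() {
    f="${1:-/proc}/sys/kernel/unprivileged_userns_clone"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Print "PID NAMESPACE" for each process whose user namespace differs from
# PID 1's. Unreadable or vanished entries are skipped. Returns 2 when PID 1's
# namespace link cannot be read (normally: not running as root).
procs_in_child_userns() {
    root="${1:-/proc}"
    init_ns=$(readlink "$root/1/ns/user" 2>/dev/null) || return 2
    for d in "$root"/[0-9]*; do
        ns=$(readlink "$d/ns/user" 2>/dev/null) || continue
        [ "$ns" = "$init_ns" ] || echo "${d##*/} $ns"
    done
    return 0
}

# Combine both checks into one human-readable report; always returns 0.
userns_report() {
    echo "unprivileged_userns_clone: $(userns_clone_setting "$1")"
    if ! leftovers=$(procs_in_child_userns "$1"); then
        echo "cannot read $1/1/ns/user; run as root"
        return 0
    fi
    if [ -n "$leftovers" ]; then
        echo "still inside a non-initial user namespace (these predate the change):"
        echo "$leftovers"
    else
        echo "no process found outside the initial user namespace"
    fi
}

userns_report "${PROC_ROOT:-/proc}"
```

A setting of 0 together with listed PIDs is the state described in the post: new unprivileged namespaces are refused, but the listed processes keep theirs until they exit or the machine is rebooted.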

Re: Nasty Linux kernel bug found and fixed

Post by SMG »

If I am reading this correctly, the fix is in 5.4.0-96 which rolled out this past week.
linux (5.4.0-96.109) focal

* CVE-2022-0185
- SAUCE: vfs: Out-of-bounds write of heap buffer in fs_context.c
- SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE
I believe the other supported kernels had updates at approximately the same time, so I expect they also have the patch.