CVE-2016-8655 Five-Year-Old Linux Kernel Local Privilege-Escalation Vulnerability Discovered


A serious five-year-old privilege-escalation vulnerability has been discovered in the Linux kernel that affects almost every distro of the Linux operating system, including Red Hat and Ubuntu. Back in October, a nine-year-old privilege-escalation vulnerability, dubbed Dirty COW, was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu. The newly discovered Linux kernel vulnerability (CVE-2016-8655) dates back to 2011 and could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel.

Philip Pettersson, the researcher who discovered the flaw, was able to create an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities.

About CVE-2016-8655

According to the Red Hat Security Advisory:

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer.

A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

How Do I Fix CVE-2016-8655 On Linux?

The vulnerability was patched in the mainline kernel last week, so system administrators are advised to update their Linux distro as soon as possible.

Find Your Kernel Version

Use the commands for your Linux distro. The updated kernel only takes effect after you reboot the box. Before you apply the patch, note down your current kernel version:

$ uname -a
$ uname -mrs

Debian or Ubuntu Linux

$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
$ sudo reboot

RHEL / CentOS Linux 5.x/6.x/7.x

$ sudo yum update
$ sudo reboot

RHEL / CentOS Linux 4.x

$ sudo up2date -u
$ sudo reboot

Suse Enterprise Linux or OpenSUSE Linux

# zypper patch
# reboot
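
To confirm that the reboot actually put the updated kernel into service, the following added example (not part of the original article) compares the running release from `uname -r` with the kernel module trees under /lib/modules. The function names and the assumption that every installed kernel has a directory there are this example's own. It does not tell you whether that kernel contains the fix; take the fixed version from your distro's advisory.

```shell
#!/bin/sh
# Added example: detect an update that was installed but never booted.
# Assumes GNU sort (for -V) and one directory per installed kernel
# under /lib/modules.

# newest_kernel: read release strings on stdin, print the highest one.
# Version sort matters: a plain sort would rank "-9-" above "-53-".
newest_kernel() {
    sort -V | tail -n 1
}

# installed_kernels [MODULES_DIR]: print one installed release per line.
installed_kernels() {
    dir=${1:-/lib/modules}
    for d in "$dir"/*/; do
        if [ -d "$d" ]; then
            basename "$d"
        fi
    done
}

# reboot_pending RUNNING [MODULES_DIR]
# Returns 0 when a release newer than RUNNING is installed, 1 otherwise.
# RUNNING is added to the candidate list, so a running kernel whose
# module tree was already removed is not reported as outdated.
reboot_pending() {
    running=$1
    highest=$( { installed_kernels "${2:-/lib/modules}"
                 printf '%s\n' "$running"; } | newest_kernel )
    [ "$highest" != "$running" ]
}

# Check the live system.
current=$(uname -r)
if reboot_pending "$current"; then
    echo "reboot pending: running $current, but a newer kernel is installed"
else
    echo "running the newest installed kernel: $current"
fi
```

Compare the release it reports with the one you noted down before patching; if both are the same, no new kernel package was installed at all.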

References

RHEL/CentOS: CVE-2016-8655
Ubuntu: CVE-2016-8655

