QUICK NEWS

{NEW} - A new css video is up.

{OLD} - New video courtesy of Skhilled, Thanks for posting it up.

Video of the moment:


Internal Links

SMF Sites

Quick Info

Linux Kernel DirtyCred Vulnerability

Started by Neša, Aug 24, 2022, 07:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Neša

New attack on the Linux Kernel this will also effect android phones. Maybe a new way to root phones without unlocking the boot loader.

https://thesecmaster.com/how-does-dirty-cred-vulnerability-work-and-how-to-protect-your-linux-kernel-from-dirty-cred-vulnerability/


Skhilled

Interesting...but it doesn't give you the info to where you need to add the given code or if it is for linux PC's or Android phones.

Neša

It is a patch for the Kernel, you apply it to the source code and recompile.

This has the patch and a kernel config file.
https://github.com/Markakd/DirtyCred/tree/master/defense

I'll need to compile a kernel for our red hat 7 boxes at work, they won't be getting a patch from Red Hat.
https://access.redhat.com/security/cve/cve-2022-2588

CentOS 7 will get one I could experiment with that kernel I'll need to test and see.


Skhilled

#3
Ah! Duh! LOL I haven't repiled compiled a kernel in ages. LOL

Neša

I've just had another look at the redhat cve link it looks like RHEL7 will get an update so that saves me doing the work :)

Compiling a kernel isn't that big of an issue, I think people are afraid of doing it because they thing they will mess up their install. You keep the old working kernel in the boot loader and can reboot into it if something goes wrong.


Skhilled

I used to be afraid of doing it when I first started too. Mostly, because I was dual booting my Windows PC and didn't want to screw up Windows in the process. Once I got over the fear it worked well. :)