linux-announce AT lists.psi.ch
Subject: Linux Mailing List
List archive
- From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
- To: linux-announce AT lists.psi.ch
- Subject: [[Linux-announce] ] Linux Kernel 0-day exploit in Xen + GSM code
- Date: Fri, 12 Apr 2024 14:56:23 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 20.250.76.7) smtp.rcpttodomain=lists.psi.ch smtp.mailfrom=psi.ch; dmarc=pass (p=none sp=none pct=100) action=none header.from=psi.ch; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O71y+WywioP4CU6OQlwI1Ipqc51OzaroZhVihKDuKvc=; b=GN3FUPzOhZYClwigr3tjd1Dhi/IO95LQ4ccTe57j8GMZiKi0Fj91caAaMufWWO2hoGV4kGOCxowBquaGOA+YOKDxSmau2WIGSdGEE3Qsq40dyxKJ1JdNNxB3tzU1hd7sPUWYsGKtGH2Vi+xULbxL980B5PF3p64iYInYa0MYDwKJUFCr6ItuYEjk4uGaHkXV4y8fwCVfdXfaKDQ5TUslo0O+xY6u4bjYrc/8Da2skWmHt/RlyspD6PoR+7xvKLCHIaX56ff3brVeTnKYFXtGrZ2hTQR9gl8YbgAbaMZPRyz8whUXY26MhICbw7vxbFUluK4qbxIhQVbKQiacCn7mIg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eINWcPx2SSADwXlTX/ZuMV0ksowEhEqpuuW1eaAgmSP9z1+GnfwWfpOY4fqAgMct+ETsPk9P0KqP9Us9KElyHlhE6UJ6S/eHWl5khUbrdE3eGzN/wIHV9lbHHA0+9Ux0uvqPODqSbCHVnJ9+1dKaDN2QxtAbcNeXwQ1cKerZMHq4vWOzgH1qlE3tdaPEj9hCBYyLaOtnVBm/GNATwD9db3WEGrKngO1fvCI7y+1KCR+gmnIlnxC6vOaShAMO23Hv58bq7BNqMHjnMg6j8dEGTV9KKr590JcACuNatpxh3kOr7sderyKguCxSG/VNs+8SmE45E0JCp6U/fhRlZuRv/g==
- Authentication-results: mc4.ethz.ch; iprev=pass (mail-switzerlandnorthazon11022019.outbound.protection.outlook.com) smtp.remote-ip=52.101.186.19; spf=pass smtp.mailfrom=psi.ch; dkim=pass header.d=psi.ch header.s=selector2 header.a=rsa-sha256; dmarc=pass header.from=psi.ch
- Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=psi.ch;
Dear Linuxers
There are are reports of a Linux kernel 0-day exploit:
https://www.heise.de/en/news/Linux-kernel-New-exploit-provides-root-rights-9682659.html
I had a look if our RHEL8 is affected or not. The exploit needs Xen and GSM support in the kernel.
1. Xen support
==============
Xen support is compiled in:
[root@lxdev01 ~]# grep -i xen /boot/config-$(uname -r)
CONFIG_XEN=y
...
[root@lxdev01 ~]# grep xen /proc/kallsyms | wc -l
1033
[root@lxdev01 ~]#
2. GSM support
==============
GSM support is available as module:
[root@lxdev01 ~]# grep -i gsm /boot/config-$(uname -r)
CONFIG_N_GSM=m
[root@lxdev01 ~]# find /lib/modules/$(uname -r)/ -name "*gsm*"
/lib/modules/4.18.0-513.18.1.el8_9.x86_64/kernel/drivers/tty/n_gsm.ko.xz
[root@lxdev01 ~]#
but it is not loaded by default:
[root@lxdev01 ~]# lsmod | grep gsm
[root@lxdev01 ~]# grep gsm /proc/kallsyms
[root@lxdev01 ~]#
Conclusion
==========
You are fine except if you have some GSM hardware attached.
Kind regards
Konrad
--
Paul Scherrer Institut
Konrad Bucheli
Linux Systems Engineer
Core Linux Research Services
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland
Phone: +41 56 310 27 24
konrad.bucheli AT psi.ch
www.psi.ch
- [[Linux-announce] ] Linux Kernel 0-day exploit in Xen + GSM code, Konrad Bucheli (PSI), 04/12/2024
Archive powered by MHonArc 2.6.24.