Linux Kernel 5.0 to be Available

There is a large number of interesting changes in the new version of the OS kernel
04 March 2019

After two months of development, Linus Torvalds announced the release of the Linux 5.0 kernel. Among the most notable changes in the 5.0 kernel: a task scheduler for ARM big.LITTLE CPUs was ported from Android, the Adiantum file system encryption mechanism was added, FreeSync support was added to the AMDGPU driver, the BinderFS file system was added, swap files can now be placed on Btrfs, UDP gained support for the MSG_ZEROCOPY flag and GRO (Generic Receive Offload), and seccomp gained the ability to move the handlers for blocked system calls into user space.

The jump in the version number does not signal any specific changes; it was made for aesthetic reasons and only indicates that enough releases have accumulated in the 4.x branch to start a new numbering. Changing the first number in the kernel version is a formal step that removes the discomfort caused by a large number of releases piling up in one series. The transition to 3.x was made in 2011, when there were 39 releases in the 2.6.x branch, and the 4.x branch was created in 2015 after 20 releases of 3.x. The transitions to 3.x and 4.x also correlated well with the number of git objects in the repository: kernel 3.0 was released when there were approximately 2 million objects in the repository, and kernel 4.0 at 4 million objects. Release 5.0 breaks this logical chain, as the repository currently includes approximately 6.5 million git objects.

Get more info at the official website.

Vulnerabilities in Linux & FreeBSD TCP Stacks Detected

There are four vulnerabilities, which are marked as critical by the specialists
18 June 2019

Netflix has identified several critical vulnerabilities in the Linux and FreeBSD TCP stacks that make it possible to remotely trigger a kernel crash or cause excessive resource consumption when specially crafted TCP packets are processed (packet-of-death). The problems are caused by errors in the handling of the maximum size of a data block in a TCP packet (MSS, Maximum Segment Size) and in the mechanism for selective acknowledgment of connections (SACK, TCP Selective Acknowledgment).

CVE-2019-11477 A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. 

Fragments are saved when packet loss occurs or when packets need to be selectively retransmitted, provided SACK is enabled and the driver supports TSO. With the minimum MSS, only 8 bytes are allotted to each data segment, so the number of segments required to send all the data increases, and the structure can reach its limit of 17 fragments. To protect against overflow, the code contains a check that calls BUG_ON() and puts the kernel into a panic state.

CVE-2019-11478 (SACK Slowness) It is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. On Linux kernels prior to 4.15, an attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.

CVE-2019-5599 (SACK Slowness) It is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.

CVE-2019-11479 An attacker can force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data. This drastically increases the bandwidth required to deliver the same amount of data. Further, it consumes additional resources (CPU and NIC processing power). This attack requires continued effort from the attacker and the impacts will end shortly after the attacker stops sending traffic.
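As a detection aid for the small-MSS condition behind CVE-2019-11477 and CVE-2019-11479, the following added example (not code from the advisory or from this article) parses the options of a raw TCP header and flags SYNs that advertise an unusually low MSS. The 500-byte threshold, the function names and the sample headers are assumptions constructed for illustration.

```python
import struct

LOW_MSS_THRESHOLD = 500  # assumed alerting threshold; tune for your network
SYN = 0x02

def parse_syn_options(tcp_header: bytes) -> dict:
    """Return the SYN flag, MSS and SACK-permitted option of a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    offset_flags = struct.unpack("!H", tcp_header[12:14])[0]
    header_len = (offset_flags >> 12) * 4
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    result = {"syn": bool(offset_flags & SYN), "mss": None, "sack_permitted": False}
    opts = tcp_header[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:      # Maximum Segment Size
            result["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 4 and length == 2:    # SACK permitted
            result["sack_permitted"] = True
        i += length
    return result

def is_suspicious(tcp_header: bytes, threshold: int = LOW_MSS_THRESHOLD) -> bool:
    """True for a SYN that advertises an MSS below the threshold."""
    info = parse_syn_options(tcp_header)
    return info["syn"] and info["mss"] is not None and info["mss"] < threshold

def build_syn(mss: int, sack: bool = True) -> bytes:
    """Constructed sample: minimal SYN header with MSS (and SACK-permitted)."""
    opts = struct.pack("!BBH", 2, 4, mss) + (b"\x04\x02\x01\x01" if sack else b"")
    offset_flags = (((20 + len(opts)) // 4) << 12) | SYN
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, offset_flags, 65535, 0, 0) + opts
```

Feed `is_suspicious` the TCP header bytes taken from a capture or a packet hook; a malformed option list raises `ValueError`, which is worth logging in its own right.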

Get more info on the vulnerabilities, workarounds and fixes at openwall.