New Linux Kernel Vulnerability Discovered

Issue still remains uncorrected in some popular distributions (Debian, RHEL, SUSE, Ubuntu)
04 February 2019

A vulnerability has been found in the Linux kernel (CVE-2019-7308) that makes it possible to bypass the protection against Spectre v1 attacks by using the eBPF subsystem. The problem is fixed in kernel releases 4.19.19 and 4.20.6, but still remains uncorrected in distributions (Debian, RHEL, SUSE, Ubuntu).

To read data from privileged memory areas with a Spectre v1 attack, a certain sequence of instructions must be present in the privileged code. Such instruction combinations were removed from the Linux kernel, but the developers did not take into account that the eBPF subsystem allows arbitrary BPF programs to be executed in the context of the kernel. By manipulating BPF bytecode, an attacker can make the eBPF JIT compiler emit the combination of machine instructions needed for a Spectre v1 attack: instructions that lead to speculative access to memory areas outside the intended bounds during operations on a pointer.
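The following host-side triage check is an added example and is not part of the article or of any kernel project code. It compares the running kernel's version against the fixed releases the article names (4.19.19 and 4.20.6; by assumption, any series newer than 4.20 is treated as fixed and 4.18 and older as unfixed) and reads the `kernel.unprivileged_bpf_disabled` sysctl, which restricts loading of eBPF programs to privileged users and so narrows who can reach the JIT at all. Distribution kernels backport fixes without bumping the version, which is exactly the situation the article describes, so the version test is only an indicator to follow up against the distribution's advisories.

```c
// Added example (not from the article): triage check for CVE-2019-7308.
// Version thresholds come from the article; the treatment of other series
// (5.x fixed, 4.18 and older unfixed) is an assumption stated in the lead-in.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

struct kver { int major, minor, patch; };

/* Parse release strings such as "4.19.19-3-amd64"; the trailing suffix is
 * ignored. Returns 0 on success, -1 when fewer than two numeric components
 * could be read. */
int parse_kver(const char *release, struct kver *out)
{
    int n = sscanf(release, "%d.%d.%d", &out->major, &out->minor, &out->patch);
    if (n < 2)
        return -1;
    if (n == 2)
        out->patch = 0;
    return 0;
}

/* 1 when the version is at or past the fixed release of its stable series
 * (4.19.19 / 4.20.6 per the article), 0 otherwise. */
int kver_fixed_cve_2019_7308(const struct kver *v)
{
    if (v->major > 4 || (v->major == 4 && v->minor > 20))
        return 1;   /* assumption: mainline after 4.20 carries the fix */
    if (v->major < 4 || v->minor < 19)
        return 0;   /* assumption: series older than 4.19 are unfixed */
    if (v->minor == 19)
        return v->patch >= 19;
    return v->patch >= 6;   /* 4.20 series */
}

/* Read kernel.unprivileged_bpf_disabled: 0 means unprivileged users may load
 * eBPF programs, a non-zero value means loading is restricted to privileged
 * users. Returns -1 if the sysctl cannot be read. */
int unprivileged_bpf_disabled(void)
{
    FILE *f = fopen("/proc/sys/kernel/unprivileged_bpf_disabled", "r");
    int v = -1;
    if (!f)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void)
{
    struct utsname u;
    struct kver v;
    if (uname(&u) != 0 || parse_kver(u.release, &v) != 0) {
        fprintf(stderr, "cannot determine kernel version\n");
        return 1;
    }
    printf("kernel %s: %s\n", u.release,
           kver_fixed_cve_2019_7308(&v)
               ? "at or past the fixed release (still confirm distro backports)"
               : "below the fixed release for its series");
    int bpf = unprivileged_bpf_disabled();
    printf("unprivileged BPF loading: %s\n",
           bpf < 0 ? "unknown" : bpf == 0 ? "allowed (wider exposure)" : "restricted");
    return 0;
}
```

Run it as any user; the sysctl is world-readable, so no privileges are needed for either check.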

Additionally, a patch has been proposed for inclusion in the Linux kernel that implements an additional mode for disabling Spectre protection, based on the PSTATE SSBS (Speculative Store Bypass Safe) bit. This protection significantly reduces performance, so it is enabled per application with the PR_SET_SPECULATION_CTRL operation of prctl (as a rule, programs that use a JIT, for example Java, are exposed to the attack). The problem is that when speculative operations are disabled, this state is inherited by child processes. To block inheritance of the setting (the disabling of speculative operations) when starting new processes, the PR_SPEC_DISABLE_NOEXEC flag has been proposed.
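The prctl interface described above, as an added example that is not from the article or the kernel sources: a process such as a JIT host queries its Speculative Store Bypass state, turns the mitigation on for itself, and asks for the PR_SPEC_DISABLE_NOEXEC variant so the slowdown is not passed on to the programs it spawns. The constants are the ones from `linux/prctl.h`; they are guarded with `#ifndef` so the code builds against older headers, and the fallback to plain PR_SPEC_DISABLE on EINVAL covers kernels that predate the new flag.

```c
// Added example (not from the article): controlling the SSB mitigation for
// the calling task via prctl(PR_SET_SPECULATION_CTRL).
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Values from linux/prctl.h, guarded for older toolchains. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Mitigation is active when store bypass is disabled in any of the three
 * forms the kernel reports (prctl-set, forced, or cleared-on-exec). */
int ssb_mitigation_active(long status)
{
    if (status < 0)
        return 0;
    return (status & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE |
                      PR_SPEC_DISABLE_NOEXEC)) != 0;
}

/* Decode the result of PR_GET_SPECULATION_CTRL into a short description. */
const char *ssb_status_str(long status)
{
    if (status < 0)
        return "query failed";
    if (status == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    if (!(status & PR_SPEC_PRCTL))
        return "mitigation not controllable via prctl";
    if (status & PR_SPEC_FORCE_DISABLE)
        return "speculation disabled (forced, cannot be re-enabled)";
    if (status & PR_SPEC_DISABLE_NOEXEC)
        return "speculation disabled (cleared on exec)";
    if (status & PR_SPEC_DISABLE)
        return "speculation disabled (inherited by children)";
    return "speculation enabled (vulnerable to SSB)";
}

/* Query the SSB state of the calling task; returns -errno on failure. */
long ssb_query(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Disable speculative store bypass for this task. With noexec != 0 the
 * setting is dropped at the next execve() instead of being inherited; if the
 * kernel rejects that flag with EINVAL, fall back to PR_SPEC_DISABLE.
 * Returns 0 on success, -errno otherwise. */
int ssb_disable(int noexec)
{
    unsigned long mode = noexec ? PR_SPEC_DISABLE_NOEXEC : PR_SPEC_DISABLE;
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, mode, 0, 0) == 0)
        return 0;
    if (noexec && errno == EINVAL &&
        prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) == 0)
        return 0;
    return -errno;
}

int main(void)
{
    printf("before: %s\n", ssb_status_str(ssb_query()));
    int rc = ssb_disable(1);
    if (rc)
        fprintf(stderr, "could not disable SSB: %s\n", strerror(-rc));
    printf("after:  %s\n", ssb_status_str(ssb_query()));
    return 0;
}
```

On a host whose CPU is not affected, or whose kernel was booted with a global SSB policy rather than the prctl one, the query reports that and the set call fails with ENXIO; the decoder shows which case applies. Only the calling task is affected, so the program is safe to run as an unprivileged user.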

VirtualBox to Get Updates For 3 Versions

Versions 6.1.2, 6.0.16 and 5.2.36 were released, and, for example, 18 vulnerabilities were fixed in version 6.1.2
16 January 2020

Oracle has published VirtualBox 6.1.2, a maintenance release with 16 fixes. The corrective releases VirtualBox 6.0.16 and 5.2.36 were published at the same time.

Major changes in release 6.1.2:

  • 18 vulnerabilities were eliminated, 6 of which are of high severity (CVSS scores 8.2 and 7.5). Details are not disclosed, but judging by the CVSS level, some of the problems allow code execution on the host side from a guest environment;
  • On the host side, support for the Linux 5.5 kernel has been added (not yet supported in guest systems);
  • In the Guest Additions, handling of multi-monitor configurations and resizing of the desktop has been improved when the VMSVGA driver is used;
  • Improved virtio-scsi performance;
  • Added read-only support for compressed clusters in QCOW2 images;
  • Fixed the problem that caused reduced performance of Windows XP guests on hosts with AMD processors;
  • CPUID IBRS/IBPB support is now reported correctly, which fixes the crash of the NetBSD 9.0 RC1 installer;
  • Fixed problems in the GUI with updating information about the state of the virtual machine;
  • In the display settings, the "2D video acceleration" option is hidden if the selected graphics adapter does not support it;
  • Fixed a problem with audio input handling when VRDE is enabled;
  • Fixed a crash in the HDA audio emulation code in configurations with several speakers;
  • Fixed a problem with using encrypted disks together with snapshots;
  • The vbox-img.exe utility was restored to the Windows installer;
  • When installing or removing an extension pack on Windows, a directory rename operation is now retried after a failure, which usually arises from antivirus activity;
  • Hardware-accelerated 2D video decoding is enabled on Windows when the VBoxSVGA driver is used with 3D enabled.

More details are in the changelog in the project's wiki.