Ubuntu Security Notice USN-5092-2

Discussion in 'News Aggregator' started by Packet Storm, 30 Sep 2021.

  1. Packet Storm

    Packet Storm Guest

    Ubuntu Security Notice 5092-2 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.

    Continue reading...

Share This Page