Kernel 2.6.25: 64 Bit Systems At Risk

Jul 14, 2008

The changelog for kernel 2.6.25.11 includes just a single entry, however, it seems to be so important that the Kernel Stable Team urgently advises users to upgrade the kernel on 64 bit multiple user systems.

The patch by Geman developer Michael Karcher remove an issue in the local descriptor table (ldt) on x86_64 systems. Details of the bug have not yet been disclosed. In his release announcement Greg Kroah-Hartman writes that systems with unrestricted user accounts should definitely be updated. It can be assumed that logged in users are able to escalate their privileges thanks to the bug.

A couple of days ago, the kernel 2.6.25.10 release removed two vulnerabilities both of which affected the x86_64 platform. The first bug affected several drivers and could be exploited to run arbitrary code, or crash the kernel. The second bug affected the "sys32_ptrace()" function in "arch/x86/kernel/ptrace.c" and could cause an overflow of the "refcount" field in the "task_struct" structure, thus causing a number of system errors.

The bugs affect all 2.6.25 series kernels. The kernel development team urgently advises users to install patches.

Related content

comments powered by Disqus

Issue 19: Linux Shell Handbook 5th Ed./Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

News