The Truth is Powerful
Old Linux storage bugs, new security patches
One of the good things about Linux is that it supports so much old hardware. With just a bit of work, there’s almost no computing hardware that can’t run Linux. That’s the good news. The bad news is that sometimes ancient security holes can be found within old programs. That’s the case with Linux’s Small Computer System Interface (SCSI) data transport driver.
Want a good tech job? Then you need to know Linux and open-source software. One of the best ways to pick them up is via a Linux Foundation course.
A trio of security holes — CVE-2021-27365 , CVE-2021-27363 , and CVE-2021-27364 — was found by security company GRIMM researchers in an almost forgotten corner of the mainline Linux kernel. The first two of these have a Common Vulnerability Scoring System (CVSS) score above 7, which is high. While you may not have had a SCSI or iSCSI drive in ages, these 15 years old bugs are still around. One of them could be used in a Local Privilege Escalation (LPE) attack. In other words, a normal user could use them to become the root user.
Don’t let the word “local” fool you. As Adam Nichols, Principal of Software Security […]