An updated IT security alert for a known vulnerability has been issued for the Linux kernel. Here you can find out what affected users can do.
The Federal Office for Information Security (BSI) issued an update on May 20, 2024 to a security hole with multiple vulnerabilities in the Linux kernel that became known on December 17, 2019. The vulnerability affects the Linux operating system and the products Amazon Linux 2, Ubuntu Linux and Open Source Linux Kernel.
The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Amazon Linux Security Advisory ALASKERNEL-5.4-2024-066 (as of May 20, 2024). Further useful resources are listed later in this article.
Multiple Linux Kernel Vulnerabilities – Risk: High
Risk level: 5 (high)
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
Remote attack: No
The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score also takes into account changes over time in the risk situation. According to CVSS, the severity of the current vulnerability is rated “high” with a Base Score of 7.8.
Linux Kernel Bug: Summary of known vulnerabilities
The kernel is the core of the Linux operating system.
A local attacker can exploit multiple vulnerabilities in the Linux kernel to gain administrative privileges, cause a denial of service, or have unspecified effects.
The vulnerabilities are classified using the CVE (Common Vulnerabilities and Exposures) designation system by their individual serial numbers CVE-2019-19241 and CVE-2019-19602.
Systems affected by the security hole at a glance
Operating system
Linux
Products
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
Open Source Linux Kernel
General steps for dealing with IT security vulnerabilities
- Users of the affected applications should keep them up to date. When security holes become known, vendors are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
- For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
- If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check when the vendor makes a new security update available.
Sources for updates, patches and workarounds
Here you will find some links with information about bug reports, security fixes and workarounds.
Amazon Linux Security Advisory ALASKERNEL-5.4-2024-066 of 2024-05-20 (20.05.2024)
For more information, see:
Ubuntu Security Notice USN-4284-1 of 2020-02-18 (18.02.2020)
For more information, see:
PoC CVE-2019-19241 of 2019-12-23 (22.12.2019)
For more information, see:
National Vulnerability Database CVE-2019-19602 of 2019-12-17 (17.12.2019)
For more information, see:
National Vulnerability Database CVE-2019-19241 of 2019-12-17 (17.12.2019)
For more information, see:
Version history of this security alert
This is version 4 of this IT security notice for the Linux kernel. If further updates are announced, this document will be updated. You can follow changes or additions in this version history.
December 17, 2019 – Initial version
December 22, 2019 – Exploit added
February 18, 2020 – Added new updates for Ubuntu
May 20, 2024 – Added new updates from Amazon
+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++
kns/roj/news.de