| Rich Freeman via plug on 13 Aug 2025 06:02:19 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox |
On 8/13/2025 8:39 AM, jeffv via plug wrote:
Critical Linux Kernel Bug Grants Attackers Full Kernel-Level Control from Chrome Sandboxhttps://linuxsecurity.com/news/security-vulnerabilities/linux-kernel-bug-grants-attackers-full-kernel-level-controlHere’s where things go sideways. Horn’s write-up breaks it down, but the takeaway is this: there's a use-after-free (UAF) condition.
From the article:*> Patch, Patch, Patch: *The fix is already upstream. As of kernel version 6.9.8 <https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9.8>, the memory management bug in |MSG_OOB| has been patched.
That's ancient. 6.9 isn't even a maintained kernel version. There is already a 6.12 longterm. This was fixed more than a year ago.
This is interesting of course, but unless you have some embedded system without any updates you'd have to be incredibly lax to have a year old kernel.
-- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug