Recent disclosures by security researchers highlight an integer overflow vulnerability, known as “Mutagen Astronomy,” present in the Linux kernel. This weakness potentially enables unprivileged users to escalate their permissions to superuser level on the compromised system, marking a significant security risk.
The vulnerability, tracked as CVE-2018-14634, was identified by Qualys, a provider specializing in cloud security and compliance solutions. It affects various kernel versions released from July 2007 to July 2017, notably impacting distributions such as Red Hat Enterprise Linux, CentOS, and Debian. The exploit primarily resides in the create_elf_tables() function, responsible for memory table management.
To effectively exploit this vulnerability, an attacker would require access to the targeted system. By executing a carefully crafted exploit to induce a buffer overflow, they can run malicious code, thereby gaining full control of the affected system. The advisory further specifies that this vulnerability can leverage a SUID-root binary to escalate privileges, although it is limited to 64-bit systems.
According to Qualys, systems running 32-bit architectures are not at risk due to their smaller address space, which inhibits successful exploitation. Specifically, systems with less than 32 GB of RAM are considered less likely to be vulnerable due to memory constraints during the exploit process.
Qualys’ advisory elucidates that only kernels featuring a certain commit from July 2007, lacking an update from July 2017, are considered exploitable. Vulnerable kernel versions include 2.6.x, 3.10.x, and 4.14.x.
While numerous Linux distributions have implemented the necessary patches, long-term support versions of Red Hat, CentOS, and Debian 8 Jessie have not yet addressed the issue, leaving them exposed to potential attacks.
The timeline of the vulnerability’s disclosure shows that Qualys notified Red Hat on August 31, 2018, and Linux kernel developers shortly thereafter on September 18. Following an assessment, Red Hat classified the flaw as “important,” assigning it a CVSS score of 7.8, which denotes high severity. Patches are now being rolled out to address the flaw in Red Hat Enterprise Linux 6, 7, and MRG 2, although older kernel versions with Red Hat Enterprise Linux 5 remain unaffected.
Additionally, Qualys has made public both technical specifications and proof-of-concept exploits, which could potentially encourage malicious actors to attempt similar attacks if unpatched systems remain in operation.
In light of the potential for exploitation, business owners operating in environments utilizing vulnerable Linux kernel versions should assess their systems for exposure, promptly applying patches to mitigate the risk of privilege escalation attacks. The situation underscores the necessity of maintaining updated security measures to safeguard against emerging vulnerabilities.