Linux Kernel v2.6 Local Root Exploit ( vmsplice ) Found

by Vivek Gite · 4 comments

Linux kernel version from 2.6.17 to 2.6.24.1 all are affected because of vmsplice bug. The exploit code can be used to test if a kernel is vulnerable and it can start a root shell.

=> Debian Bug report logs

=> Fix 1 and Fix 2

Update: See how to apply a patch to kernel source tree.

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 4 comments… read them below or add one }

1 Jerod 02.11.08 at 3:15 pm

What would be helpful would be an explanation of how to apply these fixes to a vulnerable kernel.

2 goll 02.11.08 at 7:36 pm

I second that!

3 Erek Dyskant 02.11.08 at 9:34 pm

Howdy All,
I have a redhat/Centos RPMs with the upstream kernel patch compiled at http://erek.blumenthals.com/blog/

4 Peter 03.10.08 at 11:44 pm

Don’t let this one slide people – patch now.

All distro’s now have updated kernel packages. Apply them. :)

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post:

Next post: