Two serious security flaws in the Linux kernel were (finally) fixed this week. THE first (Januscape) allowed an attacker who rented a virtual machine from cloud services to escape this limited environment and take full control of the physical server on which it was hosted.
In turn, and equally worrying, the second (GhostLock) it allowed a common user of the system to gain maximum privileges, becoming an administrator of the machine. Both they were hidden in the code more than 15 years ago.
| Feature | Januscape | GhostLock |
|---|---|---|
| CVE | CVE-2026-53359 | CVE-2026-43499 |
| Failure type | Use-after-free (memory corruption) | Use-after-free (memory corruption) |
| What affects | KVM, the system that creates and manages virtual machines on Linux | Code that organizes the processor task queue (futex priority inheritance) |
| Hidden time | 16 years old | 15 years |
| What an attacker can do | Control the physical server from a rented virtual machine (RCE) or take down all virtual machines on the same server (DoS) | Become system administrator (root) from a common account |
| What the attacker needs to have | Root privileges within the virtual machine | An account with limited rights on the system |
| Affected processors | AMD and Intel | — |
| Who discovered | Researcher Hyunwoo Kim | Nebula Security team using Vega AI scanner |
| Amount paid by Google (through the kernelCTF Bug-Bounty program) | US$250 thousand | $92,337 |
| Severity note | — | 7.8 out of 10 |
The risk for cloud services
THE Januscape works within the KVMwhich is the program responsible for creating virtual machines within Linux. The problem lies in the part that translates memory addresses between the virtual machine and the physical server that hosts it, a process called memory emulation. Shadow MMU.
The researcher Hyunwoo Kim explained that the attack comes exclusively from within the virtual machine. An attacker who rented a single instance in a public cloud service could cause the physical server to crash, bringing down all other customers’ virtual machines that are on the same machine.
The other possibility is andexecute commands as physical server administratortaking control of the machine and all virtual machines hosted on it.
Kim published demo code that, when run inside the virtual machine, causes the physical server to crash.
He stated that he also has a code that completely escapes the virtual machine and gives full control over the server, but will only publish it in the very distant future.
The fault is not in QEMUanother program that also works with memory in virtualization. This means that the attack works even in clouds that set up their own virtualization environment, without using the default settings.
read more
- NVIDIA open driver takes historic step and gains experimental support for DLSS on Linux
- Linux finally fixes bug that limited 4K capture cards to 30 FPS
- Valve works directly with NVIDIA to support SteamOS
How GhostLock Turned an Ordinary User into an Administrator
Matt Lucasresearcher and founder of RedEye Security, detailed that the GhostLock it’s in a part of the kernel that manages the processor’s task queue.
This system exists to prevent an urgent task from being stopped, waiting behind an unimportant task.
The problem appears at a very specific moment: when an operation reaches a dead end and needs to backtrack.
At that time, the cleaning that the system doeshappens at the wrong time and erases the record of the incorrect task. THE kernel it keeps holding a reference to a piece of memory that has already been erased and reused for something else. Relying on this old reference is a complete mistake, he explained. Lucas.
The team at Nebula Security used this error as a starting point and set up a sequence of steps to trick the kernel and make it execute commands as if it were the system administrator.
THE code in which the problem is was written in 2011 and, because it was widely used and rarely revised, the flaw went unnoticed all these years.
Finally, we emphasize that both flaws have already received official fixes in the Linux kernel. Who uses operating system You must check with the responsible distribution whether the corresponding update is already available for the installed version.
And there? What did you think about the controversial subject? Share your opinions and continue following Adrenaline!
Source: arstechnica
MagicX reveals the Mini40, new Linux-based retro emulation laptop.
Source: www.adrenaline.com.br
Source link
