A recently discovered vulnerability in the Linux kernel could allow an attacker to gain root privileges. Exploits are available for several Linux distributions, but the vulnerability does not appear to be fully patched.
The Linux world has barely recovered from the security fiasco surrounding a backdoor based on the XZ compression tools before a new vulnerability appears, this time in the Linux kernel: The newly discovered security flaw could allow third parties to perform a so-called Local Privilege Escalation (LPE), allowing an attacker to gain root privileges and take over the entire system. The vulnerability is categorised as CVE-2023-6546 in Red Hat’s bug tracker and is assigned a high priority and severity rating.
According to Heise Security, references to this new vulnerability in the Linux kernel have been circulating for several days, but were apparently first reported on 21 March in the blog of a Linux user interested in cyber security. In response to an enquiry from Heise Security on the “oss-security” mailing list, the vulnerability was reported on Thursday evening: It is probably an unpatched vulnerability that affects all kernel versions, a so-called zero-day vulnerability.
