News CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability

DJones

Very Senior Member

~ Redhat

Overall the risk in my opinion is low for everyday users, and would require a physical or virtual USB device with infected vulnerable code to execute on a Linux machine. Likely this code would have to come from an already vulnerable device. Not a security researcher so this is just from what I’ve read.
 
Once again Forbes writes an article that the sky is falling. As I see it, Linux kernel 2.5.26 is affected and the warning was to US Government Agencies.
 
Once again Forbes writes an article that the sky is falling. As I see it, Linux kernel 2.5.26 is affected and the warning was to US Government Agencies.

Yep. News articles sensationalize everything, this isn’t surprising to me whatsoever. It’s a valid 0-day, but it’s not a concern for 99.9% of home users, even Android. For sysadmins in government or datacenters this could be a concern, but the physical nature of the penetration would mean it’s a targeted attack and you probably have bigger concerns at hand.
 
The press is out of touch with reality, but Red Hat should have released updates by now. Currently stable versions are 6.12.13 and 6.13.2; experimental is now 6.14 rc2.

So they should have updated to the latest version of their subsystem which would be 6.12.13. This CVE was fixed in 6.12 rc8.
 
Vulns like this are more about a chain of attacks - e.g. peeling things up a step at a time...

Not all Linux distros are on the same timelines for mitigations - some might have it covered already, some might not.
 
Not all Linux distros are on the same timelines for mitigations - some might have it covered already, some might not.
Redhat is kind of a different animal as it is behind a little in the update timeline compared to the experimental platform Fedora. Plus I think they leave their system buggy so they can get people to pay for their support.
 
The sky is always falling these days, it gets clicks, sells print. Anything to make a buck.
 
