A security vulnerability has been hidden within the Linux kernel for close to seven years, and even though Linux kernel developers and the open source OS’s major distros have known about the flaw since at least June, several distros still remain vulnerable — potentially putting their users at risk, considering the severity of the vulnerability, according to researchers.
That’s in spite of the fact that the mainline Linux kernel received an update to address the security flaw last week. But for Linux’s biggest distros, rolling out a working patch can be a time-consuming effort. LinuxPlanet takes a look at the vulnerability and the effort to lock it down.
The Linux kernel has potentially been at risk from a flaw that has been present in Linux since 2003, according to a new finding from security researcher Invisible Things Lab. And while the flaw has now been patched in the mainline Linux kernel, it’s not clear yet if all Linux distros have implemented the patch — potentially leaving them open to exploitation by attackers.
Security researcher Rafal Wojtczuk from Invisible Things Lab detailed the kernel flaw in a report (PDF format) released officially this week, although Linux developers and distros have been aware of the issue since at least June.