
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution - viraptor
https://www.bleepingcomputer.com/news/security/linux-kernel-prior-to-508-vulnerable-to-remote-code-execution/
======
based2
[https://www.reddit.com/r/sysadmin/comments/boiknf/linux_kern...](https://www.reddit.com/r/sysadmin/comments/boiknf/linux_kernel_prior_to_508_vulnerable_to_remote/)

[https://www.reddit.com/r/netsec/comments/bofpri/linux_kernel...](https://www.reddit.com/r/netsec/comments/bofpri/linux_kernel_prior_to_508_vulnerable_to_remote/)

[https://www.cert-bund.de/advisoryshort/CB-K19-0400](https://www.cert-
bund.de/advisoryshort/CB-K19-0400)

------
BuildTheRobots
Can anyone comment on when this bug was first introduced?

Prior to 5.0.8 seems a little vague, or is my 2.4 box actually affected?

~~~
philca
a more exhausting list of Kernels affected:
[https://www.securityfocus.com/bid/108283](https://www.securityfocus.com/bid/108283)
(the link is in the article)

~~~
BuildTheRobots
Thanks for the link - though I really couldn't find it in article. Doing a
quick Ctrl+F on the source code doesn't show securityfocus being linked to at
all.

Edit: HolyCarp: it looks like my ancient 2.4 kernel actually is vulnerable!

~~~
avian
This looks more like an automatically generated list of all releases "prior to
5.0.8". Since this vulnerability is apparently connected with net namespaces I
doubt it goes all the way back to 2.0.

Edit: git blame shows this commit introducing the if statement that is touched
by the patch linked by OP. It happened somewhere in the 4.2 branch. This
doesn't mean that the problem was introduced exactly then, but it does show
that it's relatively recent code.

[https://github.com/torvalds/linux/commit/467fa15356acfb7b2ef...](https://github.com/torvalds/linux/commit/467fa15356acfb7b2efa38839c3e76caa4e6e0ea#diff-3604e3582e525cf360833fba0165fa3eR357)

