[ShadowAce]

FTA--

..while the vulnerabilities are serious, the silver lining is that both require an attacker to be a local authorized user.

[ShadowAce]

[Flick Lives]

“On its own, it’s not going to give a remote attacker access to anything, but if combined with other attacks, it’s possible an attacker could leverage a user account from somewhere else and pivot into this to get root access,” Smith said.

—

that’s a bit of a stretch involving vigorous hand waving. An attack causing a memory exception which crashes the system is bad, but it does not correlate to getting root access.

[rarestia]

It always amuses me that this is so common but Microsoft takes a heaping truckload of shit when they disclose a similar vulnerability.

[polymuser]

For many, for primary comm’s with others, for store cash registers and gas pumps, and now for working from home, a PC can be much like a horse was 150 years ago — crucial in a person’s life.

Hackers need hanging from the neck until dead.

[asinclair]

...while the vulnerabilities are serious, the silver lining is that both require an attacker to be a local authorized user.

No need for alarm for most people.

Two common uses of the Linux operating system are in WiFi access points and firewall appliances (I'm looking at YOU, Protectli and pfSense). As long as the Linux kernel is sufficiently robust enough to deny remote penetrations past a competently-configured firewall, computer users — including Microsoft OS users — are safe from penetration-based attacks.

To that end, I am designing a firewall for a fanless computing appliance that builds on more than 20 years of success in IPv4, and also provides the same protection of IPv6. Different realms that have different methods. For IPv6, instead of trying to use NAT, it protects a subnet of the IPv6 address space assigned to the site. Inside computers can "call out" and get responses, but outside entities can't "call in".

This scheme protects any computer or internet-capable device that asks for an IPv6 address using DHCP6, because most DHCP6 servers will allocate addresses from the low end of the pool. If a device wants a "public" address, and has been properly protected, the sysadmin can give that computer an unprotected address. (Or partially protected: the firewall will block a lot of Bad Stuff™.)

[Pollard]

the silver lining is that both require an attacker to be a local authorized user.

Nothing for me to worry about then.

[daniel1212]

A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the entire OS altogether. The two flaws – CVE-2021-33909 and CVE-2021-33910, respectively...they again highlighted flaws that can be found buried in the OSes and could lead to major headaches if exploited by bad actors...since there are so many different forks that fall under the Linux ecosystem

Get on it right away. I tried to grow corn once but while the kernel was able to gain full root privileges this was a vulnerable host and a virus became a growing threat within the ecosystem, and which later enabled infiltration by attackers going by the handle of "raccoon."