William Liu, one of the developers of Linux, found a bug in the Linux kernel. All kernel versions since February 2019 have been vulnerable to buffer overflows.

Bugs in the Linux kernel are rare, but conceivable nonetheless. William Liu (Linux kernel developer) found a vulnerability in fs/fs_context.c, a program within the kernel. One of the parameters in the program (legacy_parse_param) is used by Linux’s file systems to mount storage blocks. A misconfiguration of the parameter causes negative numbers to be calculated as positive numbers. When entering a large number, the program writes off data outside the available memory. In short: a buffer overflow.

Is it practical?

To exploit the vulnerability, a potential attacker must be able to influence the number that the parameter works with. This is impossible without local access. Therefore, the vulnerability is not exploitable outside the network. Should a potential attacker gain local access, the buffer overflow is doable. A system can be taken down. If CAP_SYS_ADMIN (Kernel configuration) is enabled, it becomes possible to increase user privileges and invade a system.

The vulnerability received a severe CVSS score of 7.7. The bug first appeared in version Linux 5.1-cr1, available since February 28, 2019. A patch is available for every version released since 5.1.