Old Linux Storage Bugs, New Security Patches

Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

You may not have used SCSI (Small Computer System Interface) for a long time, but Linux still supports the old storage software, and security holes have been discovered and fixed within it.

There is likely no computing hardware that can't run the Linux operating system. However, you can often find security vulnerabilities in legacy programs, and that is the case with Linux's Small Computer System Interface (SCSI) data transport driver.

3 Security Vulnerabilities Found in Old Linux Storage

Researchers at security company GRIMM found three security vulnerabilities in old Linux storage code: CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364. The first two of them had a Common Vulnerability Scoring System (CVSS) score over 7, which is high. Though the bugs are more than 15 years old, they are still very much around.

One of these security bugs can be used for executing a Local Privilege Escalation (LPE) attack. In plain English, a normal user can exploit this vulnerability to become the root user.

The vulnerable SCSI code isn't loaded by default on most desktop distros. However, on a server that needs a high-throughput, low-latency networking technology such as RDMA (Remote Direct Memory Access), the system may autoload the rdma-core Linux kernel module, which brings the vulnerable SCSI code with it.
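A host-side check for the situation described above, as an added example that is not from GRIMM or from this article. The module names `scsi_transport_iscsi` and `libiscsi` are an assumption (the article does not name the modules), and the sample files are constructed.

```shell
#!/bin/sh
# Added example: is the iSCSI transport code loaded, blocked, or still loadable?
# Assumption: the module names below are not given in the article.
ISCSI_MODULES="scsi_transport_iscsi libiscsi"

# module_state NAME MODULES_FILE MODPROBE_DIR -> loaded | blocked | loadable
module_state() {
    name=$1 modules_file=$2 conf_dir=$3
    # /proc/modules format: the first field of each line is a loaded module.
    if awk -v m="$name" '$1 == m { f = 1 } END { exit !f }' "$modules_file"; then
        echo loaded
        return 0
    fi
    # Only "install NAME /bin/false" (or /bin/true) stops modprobe from loading
    # the module as a dependency; "blacklist NAME" merely ignores its aliases.
    if cat "$conf_dir"/*.conf 2>/dev/null | awk -v m="$name" \
        '$1 == "install" && $2 == m && $3 ~ /\/(false|true)$/ { f = 1 }
         END { exit !f }'; then
        echo blocked
        return 0
    fi
    echo loadable
}

# report MODULES_FILE MODPROBE_DIR: one "module: state" line per module.
report() {
    for m in $ISCSI_MODULES; do
        echo "$m: $(module_state "$m" "$1" "$2")"
    done
}

# make_sample DIR: constructed inputs (not from a real host) for a dry run.
make_sample() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'ext4 782336 1 - Live 0x0000000000000000' > "$1/modules"
    printf '%s\n' '# constructed policy file' \
        'blacklist scsi_transport_iscsi' \
        'install libiscsi /bin/false' > "$1/modprobe.d/iscsi.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
# On a live host: report /proc/modules /etc/modprobe.d
report "$sample/modules" "$sample/modprobe.d"
rm -rf "$sample"
```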

Exploiting the security bug ain't that easy, but GRIMM has issued a proof-of-concept exploit, which explains how to exploit two of the security vulnerabilities. And now that the method has been revealed, you can expect attackers to give it a try.

Thankfully, these security vulnerabilities have already been patched. However, we suggest you patch your Linux distros as soon as possible.
