
Proof-of-Concept Exploit Released for Linux Kernel Out-of-Bounds Write Vulnerability

erek

"The Linux kernel contains an out-of-bounds write vulnerability CVE-2024-26581 with a CVSSv3 score of 7.8. If exploited, a local attacker could leak sensitive information, escalate privileges to root, or execute arbitrary code.
Public proof-of-concept exploit released for CVE-2024-26581
Security researchers have released a public proof-of-concept exploit for CVE-2024-26581. Exploitation is considered more likely."


Source: https://digital.nhs.uk/cyber-alerts/2024/cc-4544
 
Fun times.

At least you don't have to worry about this one unless you give untrusted people local console access to your Linux machine.

Still, short term, until it is patched, users will have to be more careful about what they execute locally just in case.
 
Also, total dick move to release info about a discovered security hole before giving the responsible party ample time to patch it, test the patch and roll that patch out first.

They should be ashamed of themselves.

May have to take that last part back. Looks like it might just have been patched in the latest revisions of a couple of branches of the kernel.



Also, no mention of the 6.8 kernel.
 
Also, total dick move to release info about a discovered security hole before giving the responsible party ample time to patch it, test the patch and roll that patch out first.

They should be ashamed of themselves.
^^ What he said. ^^ I abso-freekin-lutely agree with Zarathustra[H] here. The guys who published this. What are they trying to prove? That they are like 3-year-olds?
 
Or somebody breaks into your apache uid and can get to root this way.
Or you have infected physical media or interface devices.
Drop a few USB keys around an Nvidia office that have an inline keyboard emulator cooked into it, just to see if somebody plugs one in.
 
Or you have infected physical media or interface devices.
Drop a few USB keys around an Nvidia office that have an inline keyboard emulator cooked into it, just to see if somebody plugs one in.
FIRST you have to get INTO this office.
 
FIRST you have to get INTO this office.
Nah, sprinkle a few around the lobby, maybe just outside the front doors, one or two at the restaurants in the area they may eat at.

Somebody will pick one up and plug it into something and then it’s just downhill from there.
 
FIRST you have to get INTO this office.
You'd be shocked how easy that can be sometimes.

Wear a suit and a fake Microsoft badge, and walk in saying you are there for the license audit.

Or wear a maintenance-worker-like outfit, carry a big ring of keys and a clipboard, and mutter something about a work order as you walk right by the security desk.

Shit like that.

It's crazy the places social engineering can get you in sometimes.
 