Anonymous ID: 0336d2 July 9, 2023, 2:22 a.m. No.19148750   🗄️.is 🔗kun   >>8830

https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html

https://archive.is/ZQKuu

 

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (CVE-2023-3269)

 

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host.

 

Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.

 

"As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said.

 

"However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging."

 

Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds.

 

A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.

 

The flaw is essentially rooted in a data structure called maple tree, which was introduced in Linux kernel 6.1 as a replacement for red-black tree (rbtree) to manage and store virtual memory areas (VMAs), a contiguous range of virtual addresses that could be the contents of a file on disk or the memory a program uses during execution.

 

https://access.redhat.com/security/cve/cve-2023-3269

Anonymous ID: 0336d2 July 9, 2023, 3:26 a.m. No.19148846   🗄️.is 🔗kun

>>19148839

>need to fight back

No, most are stupid bots.

Case in point yesterday that "Dirk" guy with the same images over and over and over was tested w/ various captchas and failed them all, until 30 minutes in, when the operator finally took control

 

ergo sum it would be a waste of time arguing with these retardo bots

the bot posts should get deleted, that is all.

Anonymous ID: 0336d2 July 9, 2023, 3:30 a.m. No.19148851   🗄️.is 🔗kun

>>19148843

Actually on Linux you get way more updates and way shorter "supported releases"

It's the same shit show anyway.

 

Corporations like Steam are even pushing for "upgrades" as well, although they wouldn't have to.

 

Steam for example has a full web browser inside of it, which is terrible software design and it makes no sense. And it's outdated on top of that, like 1 year old shit.

Of course the launchers of other stores do the same, which again, makes no sense.

At least the GOG one is optional, as it should be, and GOG doesn't lock you out of your games either, thanks to no DRM.

 

And in fact there are still web browsers that work fine on Windows 7. Web browsers that want to do exactly that job, being a web browser and nothing else.

Anonymous ID: 0336d2 July 9, 2023, 3:34 a.m. No.19148852   🗄️.is 🔗kun   >>8859 >>8866

>>19148848

The common web browsers are spyware too.

Firefox has tons of telemetry inside of it, same is true for the Google shitshow browser.

 

And in fact some browsers even have the ability to let foreign Javascript fucking SCAN the ports of the localhost or local network.

 

Imagine putting something like that into a browser and going "yeah, this makes sense"

 

It's used for additional fingerprinting, when available.

 

See here:

https://ports.sh/

 

a good well programmed web browser DOES NOT SUPPORT THIS SHIT.

Anonymous ID: 0336d2 July 9, 2023, 3:43 a.m. No.19148858   🗄️.is 🔗kun   >>8860 >>8865 >>8866

>>19148854

>while opening system up for publishing and network exploits.

when you don't connect your PCs directly to the public internet, your actual problem is the web browser, and nothing else.

 

What you should do in any case is an ad blocker as well as JavaScript blocker. That gets rid of a lot of problems already.

 

Also fun fact: someone tried to get his Windows 98 PC infected with viruses, because the fear porn told him so.

In reality even him downloading viruses in a larger zip file and executing them didn't work, because the viruses didn't support Windows 98, kek