Introducing Qwiet AI AutoFix! Reduce the time to secure code by 95% Read More

Always be yourself. Unless you can become Batman, then be Batman. Although this meme-based life philosophy is funny, it hints at a truth you may have started discovering recently. In a digitally transformed business world, threat actors treat the web application vulnerability landscape like a digital Gotham. To perpetrate their criminal activities, malicious actors focus on popular technologies, like Linux. As an open-source technology, Linux presents cybercriminals with additional benefits because they can access the source code, enabling them to do even more damage across the software supply chain. 

As a developer, you can be both yourself and a Dark-Knight-inspired vigilante by mitigating the risks that Linux security vulnerabilities pose to your application’s security.  

What is a Linux kernel security vulnerability?

A Linux kernel security vulnerability is a weakness within the operating system’s (OS’s) core component that manages resources and enables communication between software and hardware. These vulnerabilities can arise from the following:

  • Coding errors
  • Design flaws 
  • Unforeseen combinations of instructions

As an open-source operating system, security researchers and attackers actively hunt for potential vulnerabilities in the accessible source code. 

What are the different types of threats on Linux systems?

As a versatile and powerful OS, Linux became popular for running web servers, applications, and other intensive workloads. Over the last few years, attackers have increasingly targeted Linux distributions:

To secure their applications, developers should consider the following when engaging in threat modeling:

  • Unpatched kernel vulnerabilities: Exploiting known vulnerabilities undermines the Linux built-in security measures, especially on storage devices
  • Botnets: Controlling devices by injecting them with malicious code through the compromised OS
  • Denial of Service (DoS) attacks: Overwhelming the server’s operating system with too many requests, causing it to stop responding to legitimate requests
  • Network intrusion: Exploiting vulnerabilities to escalate privileges for administrative access

Critical Linux security vulnerabilities to worry about

Between January and July 2023, researchers published 82 Linux security vulnerabilities with a criticality score of 7 or above. However, only 17 of those published vulnerabilities had an Exploit Prediction Scoring System (EPSS) probability of exploitation activity in the next 30 days of 0.05% or higher. Further, of those twelve only one appears to be a known exploited vulnerability. 

Developers should ensure that they scan their code for the following vulnerabilities:

  • CVE-2023-0266 Linux kernel use-after-free vulnerability (Known Exploited Vulnerability): Allows for privilege escalation to ain ring0 access from system user 
  • CVE-2023-2156: May allow for unauthenticated remote attacker to create DoS condition by using flaw in Linux kernel’s networking subsystem
  • CVE-2023-1390: Results in CPU system utilization to spike to 100%, causing DoS condition 
  • CVE-2023-0210: Affects kernel’s authentication and known to crash OS
  • CVE-2023-0045: Leaves victim vulnerable to values injected on BTB prior to prctl syscall with recommendation to upgrade past commit a664ec9158eeddd75121d39c9a0758016097fa96
  • CVE-2023-3338: May allow remote users to crash the system by exploiting null pointer dereference flaw in DECnet networking protocol
  • CVE-2023-2008: May allow for privilege escalation and arbitrary code execution through udmabuf device driver flaw, exiting within the fault handler
  • CVE-2022-4379: Allows for remote DoS by exploiting use-after-free vulnerability in __nfs42_ssc_open() in fs/nfs/nfs4file.c
  • CVE-2023-3269: Allows for arbitrary kernel code execution, container escalation, and root privilege through vulnerability in memory management subsystem
  • CVE-2023-0122: Allows for Pre-Auth DoS attack on remote machine through NULL pointer dereference vulnerability in nvmet_setup_auth()
  • CVE-2023-3776: Allows for local privilege escalation through reference counter control with recommendation to upgrade past commit 0323bce598eea038714f941ce2b22541c46d488f
  • CVE-2023-3610: Allows for local privilege escalation with recommendation to upgrade past commit 4bedf9eee016286c835e3d8fa981ddece5338795
  • CVE-2023-3609: Allows for local privilege escalation with recommendation to upgrade past commit 04c55383fa5689357bcdd2c8036725a55ed632bc
  • CVE-2023-3312: Allows for DoS by exploiting cpufreq subsystem vulnerability in drivers/cpufreq/qcom-cpufreq-hw.c
  • CVE-2023-1829: Allows privilege escalation to root with recommendation to upgrade past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
  • CVE-2023-31248: Allows privilege escalation when `nft_chain_lookup_byid()` fails to check whether a chai is active and CAP_NET_ADMIN is in any user or network namespace
  • CVE-2023-2007: Allows privilege escalation and remote code execution when combined with other vulnerabilities through flaw in DPT I2O Controller driver
  • CVE-2023-2006: Allows privilege escalation and arbitrary code execution through flaw in RxRPC network protocol, within the processing of RxRPC bundles

 

Qwiet.ai: Finding the Real Threats through Reachability

As attackers increasingly target Linux vulnerabilities, you need visibility into the ones that can become true threats. Remediating 82 new vulnerabilities over 8 months is overwhelming, especially as researchers find more CVEs and you build more code. Even keeping up with the 18 vulnerabilities that attackers are likely to exploit can be challenging, especially as that number can change from one day to the next. 

Qwiet AI’s preZero platform enables you to rapidly scan your code to identify vulnerabilities in source code and business logic. To help you prioritize your activities, you can focus on those vulnerabilities that attackers can actively exploit within the context of your application. Further, our Blacklight is the first threat intelligence feed designed to help developers prioritize fixes by focusing on the exploits, threat actors, ransomware, and botnet actively exploiting vulnerabilities in the wild.

Take our preZero platform for a spin for free to see for yourself how Qwiet AI can help you identify Linux security vulnerabilities.

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit: www.shiftleft.io.

Share

Read Next

AI Announcements Cybersecurity
April 29, 2024 4 min to read

The Qwiet AI Code Doctor Will See You Now – Introdu...

by Stuart McClure

Qwiet AI and the ancient Greek physicians like the father of medicine Hippocrates have much in common. Hippocrates highlighted the significance of a healthy diet and lifestyle in preventing diseases and acknowledged the root cause of physical and psychological ailments as diet and lifestyle choices (Διαιτήμασί in Greek), and now Qwiet AI is delivering his […]

READ MORE
AI Cybersecurity
April 29, 2024 10 min to read

Revolutionizing Vulnerability Detection and Patching

by Chetan Conikee

In the ever-evolving landscape of software development, ensuring the security of applications has become a paramount concern. As cyber threats continue to grow in sophistication, it is crucial for developers and security professionals to stay ahead of the curve. This article explores a groundbreaking approach that combines the power of Code Property Graphs (CPGs) and […]

READ MORE
Cybersecurity
April 22, 2024 6 min to read

What are the limitations of using ChatGPT to write code?

Love them or hate them, large language models (LLM) are here to stay. After opening the Pandora’s Box of ChatGPT in late 2022, everyone from developers to grandmas began using the tool to get the answers they wanted – and fast. As with every other new technology, ChatGPT created a new set of security risks, […]

READ MORE

Read Next

AppSec Cybersecurity DevOps Engineering
September 7, 2023 5 min to read

Handling JWT Safely: Mitigating Common Security Risks

Introduction The world of application development is a balance between providing features and ensuring security. One tool that stands as a bridge between functionality and security is the JSON Web Token (JWT). While powerful and versatile, like all tools, it requires understanding and caution in its implementation. A Primer on JWTs JWT is a concise, […]

READ MORE
Cybersecurity
March 15, 2022 7 min to read

Secure Software Summit: The State of OSS Supply Chain Sec...

  The Open Source Software (OSS) Supply Chain is under attack. As evidenced by the recent Log4Shell vulnerability, the OSS supply chain is increasingly a focus for attackers seeking to exploit weak links in security. A number of research reports have recorded a significant increase in so-called “next-gen software supply chain attacks” over the past […]

READ MORE
Cybersecurity
December 1, 2021 5 min to read

Keeping the wrench out of the gears: 5 tips for achieving...

More often than not, when people hear the word “compliance” they assume it will be a roadblock to speed. For DevOps teams, reduced speed and productivity undermine their goals. At the same time, experiencing more data breaches leads to new compliance mandates as legislative bodies and industry standards organizations try to set minimum security baselines. […]

READ MORE
Subscribe to newsletter
Privacy Policy Terms of Service © 2024 Qwiet. All rights reserved
Services
Company
Platform
Resources
Log In