{"id":167197,"date":"2022-12-24T17:13:01","date_gmt":"2022-12-24T17:13:01","guid":{"rendered":"https:\/\/harchi90.com\/linux-admins-have-a-cvss-10-kernel-bug-to-address-the-register\/"},"modified":"2022-12-24T17:13:01","modified_gmt":"2022-12-24T17:13:01","slug":"linux-admins-have-a-cvss-10-kernel-bug-to-address-the-register","status":"publish","type":"post","link":"https:\/\/harchi90.com\/linux-admins-have-a-cvss-10-kernel-bug-to-address-the-register\/","title":{"rendered":"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register"},"content":{"rendered":"<div id=\"body\">\n<p>Merry Christmas, Linux systems administrators: Here&#8217;s a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. <\/p>\n<p>Yes, this sounds bad, and a score of 10 isn&#8217;t reassuring at all.  Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn&#8217;t appear to be that widespread.<\/p>\n<p>Discovered the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15.  Disclosure was responsively held until a patch was issued.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n        <noscript><\/p>\n<p>                <\/p>\n<p>        <\/noscript>\n    <\/div>\n<p>Unlike that other popular SMB server for Linux, which runs in userspace, ksmbd operates in the kernel.  That triggered alarm bells among some users discussing its merge last year. <\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\">\n            <noscript><\/p>\n<p>                    <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y6czGRYh3E-bhIQieMJlRAAAAMI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>            <\/noscript>\n        <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\">\n                <noscript><\/p>\n<p>                        <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y6czGRYh3E-bhIQieMJlRAAAAMI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>                <\/noscript>\n            <\/div>\n<\/p><\/div>\n<p>SerNet, a German IT firm that offers its own version of Samba, said in a blog post that ksmbd was impressive, but said it appeared somewhat immature.  Furthermore, the Samba+ team from SerNet said in a blog post, the value of adding an SMB server to kernel space might not be worth the risk to &#8220;squeeze the last bit of performance out of the available hardware.&#8221; <\/p>\n<p>Developed by Samsung to implement server-side SMB3 with optimized performance and a smaller footprint, the ksmbd vulnerability could lead to an attacker leaking an SMB server&#8217;s memory, similar to the Heartbleed attack.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n            <noscript><\/p>\n<p>                    <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y6czGRYh3E-bhIQieMJlRAAAAMI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>            <\/noscript>\n        <\/div>\n<p>Fortunately, if you aren&#8217;t running Samsung&#8217;s &#8220;&#8216;experimental&#8217; ksmbd module,&#8221; as security researcher Shir Tamari <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/shirtamari\/status\/1606031277236187136\" rel=\"nofollow\">described<\/a> it on Twitter, and have stuck with Samba you&#8217;re perfectly safe. <\/p>\n<p>&#8220;ksmbd is new; most users still use Samba and are not affected. Basically, if you are not running SMB servers with ksmbd, enjoy your weekend,&#8221; Tamari said on Twitter.<\/p>\n<p>According to the Zero-Day Initiative, which disclosed the ksmbd vulnerability, the use-after-free flaw exists in the processing of SMB2_TREE_DISCONNECT commands.  According to ZDI, the issue is due to ksmbd not validating the existence of objects prior to performing operations on them. <\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\">\n            <noscript><\/p>\n<p>                    <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y6czGRYh3E-bhIQieMJlRAAAAMI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>            <\/noscript>\n        <\/div>\n<p>For those using ksmbd, there is a solution other than switching to Samba: Updating to Linux kernel version 5.15.61, released in August, or a newer version.<\/p>\n<p>That Kernel update also fixed a couple other issues in ksmbd, too: an out-of-bounds read for SMB2_TREE_CONNECT, which the patch note said could allow invalid requests not to validate messages, and a memory leak in smb2_handle_negotiate leading to memory not being properly freed. <\/p>\n<h3 class=\"crosshead\">Dodge &#8220;grift cards&#8221; by spending that holiday cash now<\/h3>\n<p>Lots of ready-made kit for would-be hackers can be found on the dark web;  one trend recently noticed by the team at Cybersixgill has been gift card generators not only guess card numbers, but also check their validity by the thousands.<\/p>\n<p>Like brute force password crackers, the tools being sold online randomly guess the digits of gift cards issued by companies like Amazon, Microsoft, Sony, Apple and others, with varying degrees of speed and accuracy based on how predictable a card&#8217;s number sequence is. <\/p>\n<p>Those generators are often paired with &#8220;checkers&#8221; that will run the generated gift card numbers against an issuer&#8217;s website to look for balance or activation status, which is then returned to the criminal behind the keyboard. <\/p>\n<p>Adi Bleih and Dov Lerner from Cybersixgill told <em>The Register<\/em> that using software of the kind being sold on the dark web to generate, guess and verify gift card numbers is easy enough that &#8220;a kid with Tor could do it,&#8221; they said. <\/p>\n<p>When looking for cards, criminals don&#8217;t always look for fully loaded ones, or even wait for unactivated cards to go live: They&#8217;re out for cards with just a small balance remaining.  &#8220;Those cards get forgotten about,&#8221; Bleih said, and cybercriminals can look for working cards &#8220;by the thousands&#8221; thanks to the tools easily found online. <\/p>\n<p>The moral of this holiday story?  If you get a gift card, spend it quickly, and spend it all;  If you give one, urge the recipient to do the same.<\/p>\n<h3 class=\"crosshead\">Meta gets light wrist tap of $725m over Cambridge Analytica<\/h3>\n<p>Details of Meta&#8217;s settlement in the scandal consumer lawsuits filed against it because of the Cambridge Analytica, which was initially decided in August, hadn&#8217;t been revealed, but documents filed in the case this week indicate the price of Meta&#8217;s bad behavior is just $725 million .<\/p>\n<p>Don&#8217;t break out the expensive stuff yet: Only 25 percent of that cash will go to the between 250 and 280 million Facebook users included in the class, lawyers for the plaintiffs told <em>Reuters<\/em>. <\/p>\n<p>Still, the legal eagles say it&#8217;s the largest data privacy class action settlement in US history, and the most Meta has ever had to pay to resolve a legal case.<\/p>\n<p>For those that have put Facebook&#8217;s data privacy scandal out of their minds, Cambridge Analytica was a data firm employed by the Donald Trump campaign in 2016. As part of its data harvesting operations, Cambridge Analytica created Facebook apps that collected data from tens of millions of users without their knowledge.<\/p>\n<p>$725 million also may seem like a lot of money, but don&#8217;t forget the context: Meta&#8217;s revenue in Q3 of this year alone was $27.7 billion.  Sure, Meta has cut its workforce and is hemorrhaging cash, but what&#8217;s another $725 million?  \u00ae<\/p>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Merry Christmas, Linux systems administrators: Here&#8217;s a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Yes, this sounds bad, and a score of 10 isn&#8217;t reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/linux-admins-have-a-cvss-10-kernel-bug-to-address-the-register\/\"> <span class=\"screen-reader-text\">Linux admins have a CVSS 10 kernel bug to address \u2022 The Register<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Linux admins have a CVSS 10 kernel bug to address \u2022 The Register - harchi90<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register - harchi90\" \/>\n<meta property=\"og:description\" content=\"Merry Christmas, Linux systems administrators: Here&#8217;s a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Yes, this sounds bad, and a score of 10 isn&#8217;t reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that &hellip; Linux admins have a CVSS 10 kernel bug to address \u2022 The Register Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5\" \/>\n<meta property=\"og:site_name\" content=\"harchi90\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-24T17:13:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/regmedia.co.uk\/2020\/12\/08\/shutterstock_stuck_working_xmas.jpg\" \/>\n<meta name=\"author\" content=\"islamlacoste58\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/regmedia.co.uk\/2020\/12\/08\/shutterstock_stuck_working_xmas.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"islamlacoste58\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/harchi90.com\/linux-admins-have-a-cvss-10-kernel-bug-to-address-the-register\/\",\"url\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5\",\"name\":\"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register - harchi90\",\"isPartOf\":{\"@id\":\"https:\/\/harchi90.com\/#website\"},\"datePublished\":\"2022-12-24T17:13:01+00:00\",\"dateModified\":\"2022-12-24T17:13:01+00:00\",\"author\":{\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\"},\"breadcrumb\":{\"@id\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/harchi90.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/harchi90.com\/#website\",\"url\":\"https:\/\/harchi90.com\/\",\"name\":\"harchi90\",\"description\":\"Just another WordPress site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/harchi90.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\",\"name\":\"islamlacoste58\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"caption\":\"islamlacoste58\"},\"sameAs\":[\"http:\/\/harchi90.com\"],\"url\":\"https:\/\/harchi90.com\/author\/islamlacoste58\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register - harchi90","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5","og_locale":"en_US","og_type":"article","og_title":"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register - harchi90","og_description":"Merry Christmas, Linux systems administrators: Here&#8217;s a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Yes, this sounds bad, and a score of 10 isn&#8217;t reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that &hellip; Linux admins have a CVSS 10 kernel bug to address \u2022 The Register Read More &raquo;","og_url":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5","og_site_name":"harchi90","article_published_time":"2022-12-24T17:13:01+00:00","og_image":[{"url":"https:\/\/regmedia.co.uk\/2020\/12\/08\/shutterstock_stuck_working_xmas.jpg"}],"author":"islamlacoste58","twitter_card":"summary_large_image","twitter_image":"https:\/\/regmedia.co.uk\/2020\/12\/08\/shutterstock_stuck_working_xmas.jpg","twitter_misc":{"Written by":"islamlacoste58","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/harchi90.com\/linux-admins-have-a-cvss-10-kernel-bug-to-address-the-register\/","url":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5","name":"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register - harchi90","isPartOf":{"@id":"https:\/\/harchi90.com\/#website"},"datePublished":"2022-12-24T17:13:01+00:00","dateModified":"2022-12-24T17:13:01+00:00","author":{"@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b"},"breadcrumb":{"@id":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQWh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv0gFFaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tL0FNUC8yMDIyLzEyLzI0L2JhY2tfdG9fd29ya19saW51eF9hZG1pbnMv?oc=5#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/harchi90.com\/"},{"@type":"ListItem","position":2,"name":"Linux admins have a CVSS 10 kernel bug to address \u2022 The Register"}]},{"@type":"WebSite","@id":"https:\/\/harchi90.com\/#website","url":"https:\/\/harchi90.com\/","name":"harchi90","description":"Just another WordPress site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/harchi90.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b","name":"islamlacoste58","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/harchi90.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","caption":"islamlacoste58"},"sameAs":["http:\/\/harchi90.com"],"url":"https:\/\/harchi90.com\/author\/islamlacoste58\/"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":95722,"url":"https:\/\/harchi90.com\/microsoft-patch-tuesday-fixes-new-windows-zero-day-no-patch-for-exchange-server-bugs\/","url_meta":{"origin":167197,"position":0},"title":"Microsoft Patch Tuesday Fixes New Windows Zero-Day;  No Patch for Exchange Server Bugs","date":"October 13, 2022","format":false,"excerpt":"Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg\/s1600\/strike-728.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":6480,"url":"https:\/\/harchi90.com\/pixel-6-and-galaxy-s22-affected-by-major-new-linux-kernel-vulnerability\/","url_meta":{"origin":167197,"position":1},"title":"Pixel 6 and Galaxy S22 affected by major new Linux kernel vulnerability","date":"July 6, 2022","format":false,"excerpt":"Read update More information from the researcher A seemingly major vulnerability has been discovered by security researcher and Northwestern PhD student Zhenpeng Lin, affecting the kernel on the Pixel 6 and 6 Pro and other Android devices running Linux kernel versions based on 5.10 like the Galaxy S22 series. Precise\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":62761,"url":"https:\/\/harchi90.com\/apples-ios-and-google-chrome-updates-fix-serious-security-flaws\/","url_meta":{"origin":167197,"position":2},"title":"Apple&#8217;s iOS and Google Chrome Updates Fix Serious Security Flaws","date":"September 1, 2022","format":false,"excerpt":"August was a bumper month for security patches, with Apple, Google, and Microsoft among firms issuing emergency fixes for already exploited vulnerabilities. The month also saw some big fixes arriving from the likes of VMWare, Cisco, IBM, and Zimbra.Here's everything you need to know about the important security fixes issued\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":98108,"url":"https:\/\/harchi90.com\/researchers-detail-windows-zero-day-vulnerability-patched-last-month\/","url_meta":{"origin":167197,"position":3},"title":"Researchers Detail Windows Zero-Day Vulnerability Patched Last Month","date":"October 15, 2022","format":false,"excerpt":"Details have emerged about a now-patched security flaw in Windows Common Log System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg\/s1600\/strike-728.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":41696,"url":"https:\/\/harchi90.com\/a-long-known-linux-zero-day-was-just-patched-with-googles-help\/","url_meta":{"origin":167197,"position":4},"title":"A Long-Known Linux Zero-Day Was Just Patched With Google&#8217;s Help","date":"August 10, 2022","format":false,"excerpt":"photo: Justin Sullivan (Getty Images)Google's Threat Analysis Group revealed new details today about its efforts to identify and help patch a zero-day exploit impacting Android devices built by a commercial surveillance vendor and dating back to at least 2016. The research, presented at the Black Hat cybersecurity conference in Las\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":34262,"url":"https:\/\/harchi90.com\/vmware-releases-patches-for-several-new-flaws-affecting-multiple-products\/","url_meta":{"origin":167197,"position":5},"title":"VMware Releases Patches for Several New Flaws Affecting Multiple Products","date":"August 3, 2022","format":false,"excerpt":"Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg\/s1600\/strike-728.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"fifu_image_url":"https:\/\/regmedia.co.uk\/2020\/12\/08\/shutterstock_stuck_working_xmas.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/167197"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=167197"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/167197\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=167197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=167197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=167197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}