Is all the talk this past week…
When not stepped on by the IoT Dyn botnet attack.
This website including exploit code example (There are many more published examples of exploit code)
- Affects anything running on a Linux kernel since 2007 (I assume since approx kernel v2.5.x) and that includes Linux derivatives like Android. Curiously, BSD kernels and derivatives like Apple may not be affected.
- Scope and impact - Elevation to “near” root permissions.
From what I can see, it looks like SUSE/openSUSE is on top of this, and should be pushing out the patch soon if not already, although the vulnerability is based on on the kernel version and not openSUSE version, openSUSE seems to be saying that “all” openSUSE is affected but lists only going back to 13.1 (maybe should be restated as “all currently supported?”), I’m sure that if anyone is still running something like 12.1/12.2/12.3 those would also be affected.
Curiously if someone is running an ancient (monolithic?) kernel, they might not be affected.
And, of course this almost certainly is just another attack vector for those same IoT devices that were used by the Mirai botnet attack on Dyn.
Bottom line, update your systems and make sure your kernel is replaced in one of those updates when it becomes available (assuming very, very soon). Don’t wait. And, if anyone is running an unsupported version of openSUSE, this makes the decision to upgrade and replace <absolutely> critical and not just “highly recommended.”