Security experts release 0-day code that can break the Linux kernel

Article title: Security experts publish 0-day code that can break the Linux kernel. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

A security expert, Brad Spenger, recently released a 0day code against Linux kernel vulnerabilities and said it can bypass the NULL Pointer dereference security protection mechanism of the Linux operating system. This code is intended for a vulnerability in Linux kernel 2.6.30/2.6.18 and is valid for MySQL 32/64 bit.

Version 2.6.18 is the current kernel of Red Hat 5. This code can bypass the NULL Pointer dereference protection mechanism in the Linux kernel and obtain Root-level control of the system. then, the code will disable several security service functions of the system. Previously, it was widely believed that the NULL Pointer dereference protection mechanism could not be bypassed.

Currently, SELinux is usually used to enhance the security of Linux systems, but Spengler points out that this security measure is more convenient for attackers to exploit this vulnerability for attacks.

According to Spenger, the administrator can use the fno-delete-null-pointer-checks function to prevent this vulnerability during kernel compilation.