Hello everyone
At the moment, there are reports about unfixed privilege escalation
vulnerabilities in the GSM kernel module (n_gsm) in the tech news. This
kernel module is shipped with Debian by default.
Two security researchers both claim credit for their discovery[1][2].
Neither researcher names any CVE numbers. The Openwall discussion
names several CVE numbers: CVE-2023-6546 and CVE-2023-52564. It is not
clear to me whether it is one or multiple vulnerabilities.
However, many Linux users and admins are worried but cannot find
workarounds or recommendations from a trusted source. A proposed fix
was published, but has already been called ineffective by security
researchers[3].
After some research and discussion with Moritz Mühlenhoff, I believe it
is sufficient to blacklist[4] the n_gsm module. To achieve this, create
a file /etc/modprobe.d/n_gsm.conf with the following content:

    blacklist n_gsm
    install n_gsm /bin/true

For anyone who does not use GSM on their server or workstation, this
probably does not have any downsides.
Best regards
Stephan
[1] https://github.com/YuriiCrimson/ExploitGSM
[2] https://jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html
[3] https://www.openwall.com/lists/oss-security/2024/04/12/1
[4] https://wiki.debian.org/KernelModuleBlacklisting
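
An added example, not part of the original post: a POSIX shell check that both directives from the message are present in a modprobe.d file and that n_gsm is not already loaded, since neither directive unloads a module that is already resident. The function names and the MODPROBE_DIRS and PROC_MODULES variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the n_gsm workaround described in the message above.
# MODPROBE_DIRS and PROC_MODULES are assumed variable names, overridable so the
# check can be pointed at test fixtures instead of the live system.
MODPROBE_DIRS="${MODPROBE_DIRS:-/etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# conf_matches <module> <awk-condition>: true if any *.conf line for <module>
# satisfies the condition. Commented lines never match because $1 then starts
# with '#'. '-' and '_' are interchangeable in module names, so normalise.
conf_matches() {
    for dir in $MODPROBE_DIRS; do
        for file in "$dir"/*.conf; do
            [ -f "$file" ] || continue
            awk -v mod="$1" '{ m = $2; gsub(/-/, "_", m) }
                m == mod && ('"$2"') { hit = 1 }
                END { exit !hit }' "$file" && return 0
        done
    done
    return 1
}

# "blacklist" stops alias-triggered autoloading; the "install" override makes
# an explicit `modprobe n_gsm` run a no-op command instead of loading the module.
is_blacklisted()   { conf_matches "$1" '$1 == "blacklist"'; }
install_disabled() { conf_matches "$1" '$1 == "install" && $3 ~ /^\/(usr\/)?bin\/(true|false)$/'; }
# Neither directive unloads a module that is already resident.
is_loaded() { grep -q "^$1 " "$PROC_MODULES" 2>/dev/null; }

# audit_module <module>: 0 = blocked and not loaded, 1 = config incomplete,
# 2 = config complete but the module is loaded right now.
audit_module() {
    is_blacklisted "$1"   || { echo "$1: no blacklist line"; return 1; }
    install_disabled "$1" || { echo "$1: no no-op install override"; return 1; }
    is_loaded "$1"        && { echo "$1: blocked, but currently loaded"; return 2; }
    echo "$1: blocked and not loaded"
}

# Run the audit only when a module name is given, e.g.: sh audit.sh n_gsm
[ $# -eq 0 ] || audit_module "$1"
```

A return code of 2 means the configuration is in place but the module was loaded before it took effect; it stays loaded until it is removed or the machine is rebooted.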