Expert Insight: New Old Bugs In The Linux Kernel

The research report that recently came out from GRIMM “New Old Bugs in the Linux Kernel,” with details on three exploitable vulnerabilities they’ve found in Linux, industry expert provides insight below.

Experts Comments

March 16, 2021
Michael Mitama
CEO
THETA432

The findings by GRIMM are the reason why classic vulnerability scanning and testing are not enough. This requires consistent threat emulation and threat modeling with not only pentesters but also bug bounty hunters and threat hunters on the team specializing in Linux-based systems to assist in identifying these flaws. This pushes a CIRT to become more mature in its processes of people, and technological understanding of what's under the hood of their systems. The main concern is if the

.....Read More

The findings by GRIMM are the reason why classic vulnerability scanning and testing are not enough. This requires consistent threat emulation and threat modeling with not only pentesters but also bug bounty hunters and threat hunters on the team specializing in Linux-based systems to assist in identifying these flaws. This pushes a CIRT to become more mature in its processes of people, and technological understanding of what's under the hood of their systems. The main concern is if the vulnerability is remotely accessible, and in this case it is not. It seems that the coercion to get it installed is a social engineering vector which seems low probability and main contributing factor to the exploit. The novelty is in this finding which has existed for over a decade. The finding is commendable nonetheless and displays the dynamic skill sets required in mixed environments.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.