Expert Insight: New Old Bugs In The Linux Kernel

By   ISBuzz Team
Writer , Information Security Buzz | Mar 16, 2021 04:31 am PST

The research report that recently came out from GRIMM “New Old Bugs in the Linux Kernel,” with details on three exploitable vulnerabilities they’ve found in Linux, industry expert provides insight below.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Mitama
March 16, 2021 12:36 pm

<p>The findings by GRIMM are the reason why classic vulnerability scanning and testing are not enough. This requires consistent threat emulation and threat modeling with not only pentesters but also bug bounty hunters and threat hunters on the team specializing in Linux-based systems to assist in identifying these flaws. This pushes a CIRT to become more mature in its processes of people, and technological understanding of what\’s under the hood of their systems. The main concern is if the vulnerability is remotely accessible, and in this case it is not. It seems that the coercion to get it installed is a social engineering vector which seems low probability and main contributing factor to the exploit. The novelty is in this finding which has existed for over a decade. The finding is commendable nonetheless and displays the dynamic skill sets required in mixed environments.</p>

Last edited 2 years ago by Michael Mitama

Recent Posts

Would love your thoughts, please comment.x