An error in the handling of special netlink messages in the Linux kernel can allow a user to surreptitiously gain root privileges. The discoverer of the hole, Mathias Krause, confirmed to The H's associates at heise Security that Linux kernel versions 3.3 to 3.8 are affected. These are used by, among other things, Fedora 17, 18 and Ubuntu 12.10. Red Hat and SUSE are unaffected, as they have not backported the code in question to the older kernels their distributions are based on.

Netlink is used for communication between userland processes and the kernel (AF_NETLINK). With an appropriately crafted message, a local user without administrative privileges can gain control of the system. First exploits that do this are already circulating on the net. A patch for Linux systems is already on its way. The crucial element of this flaw is that the otherwise useful defensive restriction mmap_min_addr offers no protection here, because the erroneous access goes to an address that lies above this threshold and in userspace.

(djwm)