Workaround for the GSM privilege escalation vulnerability

From Stephan Verbücheln <verbuecheln@posteo.de>
Newsgroups linux.debian.security
Subject Workaround for the GSM privilege escalation vulnerability
Date 2024-04-13 00:00 +0200
Message-ID <Isx69-5S6j-1@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway


Hello everyone

At the moment, there are reports about unfixed privilege escalation
vulnerabilities in the GSM kernel module (n_gsm) in the tech news. This
kernel module is shipped with Debian by default.
Two security researchers both claim credit for their discovery[1][2].
Neither researcher names any CVE numbers. The Openwall discussion
names several CVE numbers: CVE-2023-6546 and CVE-2023-52564. It is not
clear to me whether it is one or multiple vulnerabilities.
However, many Linux users and admins are worrying but cannot find
workarounds or recommendations from a trusted source. A proposed fix
was published, but has already been called ineffective by security
researchers[3].

After some research and discussion with Moritz Mühlenhoff, I believe it
is sufficient to blacklist[4] the n_gsm module. To achieve this, create
a file /etc/modprobe.d/n_gsm.conf with the following content:

blacklist n_gsm
install n_gsm /bin/true

For anyone who does not use GSM on their server or workstation, this
probably does not have any downsides.

Best regards
Stephan

[1] https://github.com/YuriiCrimson/ExploitGSM
[2] https://jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html
[3] https://www.openwall.com/lists/oss-security/2024/04/12/1
[4] https://wiki.debian.org/KernelModuleBlacklisting
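
A read-only check for the workaround described in the message above, as an added example that is not part of the original post. It reports whether both lines are present (in modprobe.d, `blacklist` only stops alias-based autoloading, while `install` replaces the load command) and whether the module is already loaded. The function names, the status strings and the acceptance of `/bin/false` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of the workaround.
# Assumption: only one config directory is scanned (default /etc/modprobe.d);
# modprobe also reads other modprobe.d directories such as /usr/lib/modprobe.d.

# has_directive DIR REGEX: succeed if any DIR/*.conf has a line matching REGEX.
has_directive() {
    d=$1; pat=$2
    for f in "$d"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "$pat" "$f"; then return 0; fi
    done
    return 1
}

# module_block_status MODULE [CONF_DIR] [PROC_MODULES]
# Prints blocked | blacklist-only | install-only | unblocked, with "+loaded"
# appended when the module is already resident in the running kernel.
module_block_status() {
    conf=${2:-/etc/modprobe.d}
    proc=${3:-/proc/modules}
    # modprobe treats '-' and '_' in module names as the same character.
    name=$(printf '%s' "$1" | sed 's/[-_]/[-_]/g')
    s='[[:space:]]'
    bl=no; inst=no
    if has_directive "$conf" "^$s*blacklist$s+$name$s*\$"; then bl=yes; fi
    # Accept /bin/true (as in the post) or /bin/false as the no-op command.
    if has_directive "$conf" "^$s*install$s+$name$s+/bin/(true|false)$s*\$"; then inst=yes; fi
    case "$bl$inst" in
        yesyes) status=blocked ;;
        yesno)  status=blacklist-only ;;
        noyes)  status=install-only ;;
        *)      status=unblocked ;;
    esac
    # A config file does not unload a module that is already in memory.
    if [ -r "$proc" ] && grep -Eq "^$name " "$proc"; then status="$status+loaded"; fi
    printf '%s\n' "$status"
}

# Constructed demo: the post's config in a temp dir, with an empty module list.
demo=$(mktemp -d)
printf 'blacklist n_gsm\ninstall n_gsm /bin/true\n' > "$demo/n_gsm.conf"
: > "$demo/modules"
module_block_status n_gsm "$demo" "$demo/modules"
rm -rf "$demo"
```

On a real host, `module_block_status n_gsm` with no further arguments checks /etc/modprobe.d and /proc/modules; a result ending in `+loaded` means the module stays in memory until it is removed or the machine reboots.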
