Linux 'io_uring' security blindspot allows stealthy rootkit attacks

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. [...]

A vulnerability has been lurking in the Linux kernel since 2019. Thus, the kernel function io_uring can be used to bypass all existing security controls - for full root access. Even early security features are powerless. (Continue reading)

Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor

An Israeli vendor was able to evade several leading Linux runtime security tools using a new proof-of-concept (PoC) rootkit that it claims reveals the limitations of many products in this space.  The work of cloud and Kubernetes security company Armo, the PoC is called ‘Curing’, a portmanteau word that combines the idea of a ‘cure’ with the io_uring Linux kernel interface that the company used in its bypass PoC. Using Curing, Armo found it was p…

Clandestine rootkit compromise possible with Linux io_uring interface issue

Clandestine rootkit compromise possible with Linux io_uring interface issue Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io…

Linux vulnerability exploit bypasses security services

ARMO researchers reveal critical vulnerability in Linux security solutions that allows attackers to perform malicious activities undetected via io_uring.

An attacker can trigger a buffer overflow of the Linux kernel, via HFS+, in order to trigger a denial of service, and possibly to run code. View online: https://vigilance.fr/vulnerability/...