Top 5 Linux Kernel Vulnerabilities in 2018

Along with the GNU Project. Linux is inarguably one of the OGs of the free and open source software community and ever expanding family of products.

Linux has been around since the early 90’s, when Linus Torvalds, then a student, created a free new kernel for his PC’s operating system. The kernal was released at first under a license Torvalds created, prohibiting commercial use, and soon after adopted the GNU GPL license.

The Linux kernel quickly became the go-to for developers and users, who in turn implemented it in their own free and open source projects. Today, it has a huge community behind it, supported by contributions from 12,000 developers from over 1000 companies, including industry giants like Intel, Red Hat, IBM, Samsung, Google, and Microsoft, to name a few, who have helped it evolve into the 23.3 million lines of source code in Linux kernel v4.15 released this year.

 

What Are the Most Common Linux Vulnerabilities in 2018?

We’ve put together a list of the top 5 Linux Vulnerabilities that hit organizations so far in 2018, aggregated by the WhiteSource database, which is updated continuously from the National Vulnerability Database (NVD), that most developers and security professionals know and love, as well as additional open source publicly available, peer-reviewed security advisories. Some of these might have been first uncovered before 2018, but are still alive and kicking in many systems.

 

#1 CVE-2017-18017

Linux Kernel netfilter: xt_TCPMSS

Vulnerability score: Critical — 9.8

Affected versions: Linux kernel before 4.11, and 4.9.x before 4.9.36

You might recognize this oldy-but-goody from our post covering top open source vulnerabilities in 2017. This comes as a reminder that vulnerabilities won’t just go away if they are not attended to. Organizations that are still (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-linux-kernel-vulnerabilities-in-2018