Open source software developers are struggling with a major flaw in a Linux driver that could potentially lead to cyber attacks, and the “emergency completion of work” due to damage to the nucleus.
According to developer Carol Herbst from Red Hat, errors have been discovered in the code of the Nouveau driver, which is used in the development of Mesa, Nouveau driver and open steak OpenCl. These errors can lead to work in progress being suddenly terminated due to damage to the nucleus, which can be caused by contact with the code to the already released area of memory.
While the failure has not yet been confirmed as an exploit, the potential for the vulnerability to allow an outsider to increase privileges in the system is troubling. Furthermore, it is possible that damage to the nucleus could impact the areas in which the structures of the File System Ext4 are stored, leading to an unexpected and potentially severe violation of file system integrity.
The developers have released a patch to solve this problem, which can be found on their website. However, the patch has yet to be officially accepted into the nucleus, leaving the driver open to potential cyber attacks.
The team has not released any information on whether or not this error has led to any significant security breaches in the past, but the severity of its potential impact on the system leaves many concerned about its continued use.
To clarify, Herbst’s original tweet discussing the issue can be found here. The patch can be found here, and a discussion of the issue can be found here.