new linux exploit is absolutely insane

Published 2024-03-28
The new privilege escalation against Linux is absolutely wild. In this video we talk about what a privesc is, how they typically work, and why the techniques used in this one are so wild.

Writeup: pwning.tech/nftables/
PoC: github.com/Notselwyn/CVE-2024-1086
Author: twitter.com/notselwyn/

All Comments (21)
  • @lawrencemanning
    Back in the good old days if you forgot your root password you could get back in just by running /usr/bin/ping (which was always setuid root) with a long option. Now you have to do all this extra compiling. Linux is just not as user friendly as it used to be.
  • @PS_Tube
    It was discovered in January, 2024. And has been patched already. All the rolling distributions would have the patch already installed. Ubuntu has already issued the patch back in Jan.
  • @Swampdragon102
    The most shocking part of this video was that 2016 was 8 years ago.
  • What I like about Linux is that when a vulnerability like this is found, the community comes together and fixes it asap.
  • @WansVids
    If you're wondering which kernel versions are vulnerable, here's what I found: The exploit affects kernel versions from (including) v5.14 to (including) v6.6, excluding patched branches v5.15.149>, v6.1.76>, v6.6.15>.
  • @jimdiroffii
    I just read this entire write up yesterday, and I was blown away with the thoroughness and complexity of the research. And, it was only found because the author found a bug while trying to do some work. Most people just find another way, this guy found a wild exploit. Very impressive. Cheers to notselwyn
  • @XerrolAvengerII
    me, a plucky wizard's apprentice resetting user passwords and setting up accounts, watching a YouTube video about dark sorcerers unraveling death itself and warping space and time
  • @demonman1234
    We’re making it out of the userspace with this one boys
  • @pu239
    Hi, this was a slightly unleveled video: It was basic in the beginning with you explaining what the kernel does and about syscalls, and then you explained the whole exploit in less time than that, which was too advanced. I know what the kernel is and that by interfacing with the kernel you are asking the kernel to do stuff. I also understand double-freeing and use after free, but socket buffer freelist/all those page descriptors/modprobe was explained in less than 2 minutes. If you spent maybe 2 mins explaining the kernel and syscall basics part and 4-5 mins on the actual exploit, it would make more sense. Thanks!
  • @clintonreisig
    It was fixed almost immediately. That is a strong advantage of Open Source in contrast to big corp coverups
  • @Catalyst8487
    Really enjoyed this kind of video from you! Admittedly, some of the exploit explanation went over my head and I'll need to do some further research on my end. You might have yourself a little niche here of in-depth explanations of vulnerabilities in an ELI5 manner if you want it. I'd love to see more videos like this with other well-known or new vulnerabilities.
  • Great that you used one of the Tuxlets in your video, that I made with my son years ago. 👍
  • @RobertHyrkiel
    I'm learning that the safest way to store your secure data is on a piece of paper
  • Bugs never went away, but recently, it feels like bugs just did 20 years in prison, and they've been released on parole.
  • @oscarmendez9079
    Relatively new here - background is in mechanical engineering but I would really like to learn embedded software development ( for myself and for my job). Really enjoy these types of videos. I will say I always write some of the acronyms from these videos down on stickies to look up later, given my lack of knowledge of the inner workings of computers. TIL what a TLB is. Anyways, looking forward to any and all videos 👍🏼
  • @dustsheep1316
    I love how you keep it short all the time, I don't want to watch through 40 minutes of detailed explanation. This is the perfect overview - thank you very much