this post was submitted on 19 Aug 2024
170 points (98.3% liked)
Linux
48061 readers
697 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How vulnerable your system is with an old kernel/old code depends on what you’re running. If you’re running a bunch of sophisticated services that allow access on the open internet, you may have more vulnerabilities than if you’re just running a file share. The kernel doesn’t really matter at all unless either you allow other people to run commands or someone is able to exploit a RCE exploit.
The kernel has tons of vulnerabilities that get patched with updates. You really shouldn't be running a older kernel for that long
Sure, but those vulnerabilities aren’t just open to the network. Almost every one requires you to be able to run at least unprivileged arbitrary code on the machine.
Usually but are you paying close enough to the security notices to know when it isn't?
It’s very big news when there’s a vulnerability in the Linux kernel itself that can be remotely exploited. Like, everyone on any security show/podcast/blog is talking about it.
https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
Cool, CVEs don’t tell you whether it’s remotely exploitable. What I’m talking about is an issue with the Linux kernel itself that can be exploited without having the existing ability to run code on the machine.
True, you do need to look at the exploitablity score. You are right almost all of the CVEs are not easily exploitable.
However, assuming your device is secure isn't a great idea. I think it is wise to just update so you don't have to worry about it. It is relative simple to update and reboot if needed.