CVE in glibc: Embedded Linux ELinOS not affected

Feb 01, 2024 – ELinOS, Linux, Security

Three critical security vulnerabilities have been discovered in the GNU C library (glibc), which is important for Linux systems. SYSGO's Embedded Linux ELinOS is not affected.

The vulnerabilities found can be used to gain local root rights. The __vsyslog_internal() function is affected. This is part of the syslog API, which allows applications to log messages with different priority levels, which can then be used by system administrators for monitoring and troubleshooting.

The vulnerability can be exploited to cause a heap memory buffer overflow. The following command can be used to check whether systems are affected via Bash:

(exec -a "`printf '%0128000x' 1`" /usr/bin/su < /dev/null)

The vulnerability was found in several versions of Debian, Ubuntu and Fedora.

Learn more about the security concept of ELinOS here: www.sysgo.com/embedded-linux-security

Back to the Overview

elinos, linux, security, vulnerability

Previous

Jan 23, 2024 – PikeOS, ELinOS, Avionics & Defense, Automotive, Energy & Environment, Industrial Automation, IoT, Linux, Medical, Railway, Safety, Security, Space
Empowering the Future of Embedded Systems

adas, autonomous, communication, connectivity, development, ima, interoperability
Next

Feb 13, 2024 – R&T Projects, Safety
Cloud Solutions: SYSGO in IPCEI-CIS Program

cloud, cybersecurity, safety, security

CVE in glibc: Embedded Linux ELinOS not affected

Share via

Previous

Empowering the Future of Embedded Systems

Next

Cloud Solutions: SYSGO in IPCEI-CIS Program

Useful Links