CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug
On May 10th, 2019, the US Congress passed an order requiring federal agencies to patch a Linux bug that can be used to gain root access. The bug, known as "Looney Tunables," was discovered by security researchers in January and allows attackers to change the value of any kernel parameter on Linux systems running the 3.10 kernel or earlier.
While most Linux distributions have already patched this bug, some Linux installations may still be vulnerable if they do not receive regular updates from their vendors.
Since the Looney Tunables bug affects older versions of the Linux operating system, it could be present on many servers and other devices running older versions of OpenStack and other open-source software packages.
This could mean that large numbers of systems might remain vulnerable to attack even after being patched by their vendors.