A Timesys Deep Dive Embedded Systems Newsletter
- Cybersecurity news: PATCH IMMEDIATELY: Critical Local Privilege Escalation Vulnerability Found in Linux Kernel
- SPDX SBOM Support Added to Vigiles alongside New Features, Changes, and Bug Fixes
- On the 25th Day of Christmas, my computer sent to me: The Timesys Advent Calendar~♫
- Jump Start Training: Get a JUMP on Your Embedded Linux Development.
- Learn with Timesys: blogs and webinars galore
Cybersecurity in the news: PATCH IMMEDIATELY: Critical Local Privilege Escalation Vulnerability Found in Linux Kernel
According to Linux Security, this use-after-free vulnerability in the Linux kernel, published by Red Hat, allows local privilege escalation.
“This vulnerability is referred to as a use-after-free problem, and it can be found in io_uring on the Update of Reference Count. io_uring is an interface for making system calls in Linux. It made its debut for the very first time in the mainline Linux Kernel version 5.1 in the year 2019. It gives an application the ability to start system calls that may be carried out in an asynchronous manner.
A Use-After-Free vulnerability and a Local Privilege Escalation may be caused in the Linux kernel by incorrectly updating the reference count in the io_uring function.”
Need more info on these vulnerabilities?
With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?
We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.
SPDX SBOM Support Added to Vigiles alongside New Features, Changes, and Bug Fixes
In the newest Vigiles update released earlier this month, Timesys implemented some exciting new features such as an option to apply a note to all CVEs when whitelisting a package or to receive an alert when a new package is added to a chain of linked SBOMs!
New Vigiles features also include:
- SPDX: Add support for downloading SBOMs in SPDX-lite format
- SPDX: Add homepage to SPDX SBOM
- CVE Report: Add an option to apply a note to all CVEs when whitelisting a package
- Alerts: Add an option to receive an alert when a new package is added to a chain of linked SBOMs
Additional changes included:
- SBOM editor: Redirect to the latest report if the only change was to licenses instead of generating a new report
- SBOM editor: Show license changes in the summary modal
- CVE search: Remember the selected search type
- CVE report: Improve page load time
Bug fixes for Vigiles were as follows:
- Search SBOMs: Remove duplicate package entries
- Notifications: Fix an error that prevented some notifications from being emailed
On the 25th Day of Christmas, my computer sent to me: The Timesys Advent Calendar~♫
In honor of the holidays, Timesys hosted an Advent Calendar throughout December featuring security tips, tools, and tricks to help you get more secure in anticipation of the New Year. Missed the webinar series on designing OTA updates for secure embedded Linux systems or the Timesys eBook on cybersecurity? You can catch up on each of the holiday gifts at the Timesys Advent Calendar page below!
In addition, we’re excited to share that the Lunch & Learn opportunity is being extended through the end of January. If you’re not sure where to start when it comes to securing your products, embedded Linux devices, or customizing Yocto, or you’re looking to refresh your company on best security practices in the New Year, a Lunch & Learn is a great and simple way to start! To get started with setting up a customized Lunch & Learn session for you and/or your company, click the link below!
Jump Start Service
Jump Start Training: Get a JUMP on Your Embedded Linux Development.
Ready to get answers to your questions about how to get started with Yocto Project or Timesys Factory, setting up your embedded Linux development environment, and booting a dev kit in the New Year? Until the end of January, if you reserve your Jump Start training now for anytime in 2023, you will get a half-price discount on the per-trainee rate, for up to five people!
The Timesys Jump Start Service is a tailored program through which a Timesys engineer works with you and your team to deliver a customized, two-day embedded Linux training with hands-on exercises based on your application requirements. The Timesys Jump Start Service — which is typically delivered for a maximum of two people — begins with a review of your project and identification of your mini goal(s), after which we customize hands-on exercises, set up a training agenda, and work with you to accomplish your mini goals.
Learn with Timesys
Introduction to Containers on Embedded Linux
How can containers help solve a myriad of problems, including enabling legacy applications to run on newer embedded targets?
In our newest blog, learn how containerized applications have been a common solution in the server and even desktop space for quite a while and how they can be leveraged in embedded projects to help decouple application development from the development of the embedded platform itself in timelines, teams, and tools. They can even allow application developers to work on desktop or workstation targets, then later deploy to the actual target hardware.
Vulnerability Management for Embedded
Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
January 19 @ 12 PM EDT / 9 AM PT
In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:
- Why you need to manage your open-source software risks
- How to generate an accurate SBOM (Software Bill of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!