A new report has emerged of an alleged security flaw in the Linux kernel that is being named the “Grinch,” after the character from Dr. Seuss’ classic “The Grinch Who Stole Christmas” story. In this case, however, the Grinch might not be a risk at all though, ironically, on the same day the Grinch was reported, a real Linux vulnerability unrelated to the Grinch was, in fact, disclosed and patched.
The Grinch flaw was reported by Stephen Cody, chief security evangelist at Alert Logic. Cody alleges that the Grinch flaw enables users on a local machine to escalate privileges. Leading Linux vendor Red Hat, however, disagrees that the Grinch issue is even a bug and instead notes in a Red Hat knowledge base article that the Grinch report “incorrectly classifies expected behavior as a security issue.”