CloudLinux - CloudLinux Blog - KernelCare - new privilege escalation vulnerability CVE-2014-4943
Blog

KernelCare - new privilege escalation vulnerability CVE-2014-4943

CentOS 6, RHEL 6, CloudLinux 6 and OpenVZ kernels can now be patched against CVE-2014-4943. The patched kernels are yet to be available from the vendors. Yet, due to the nature of the issue, we wanted to release the patch as soon as possible

CVEs: CVE-2014-4943

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Details:
  • CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()
    A flaw in the Linux kernel allowing an unprivileged user to escalate to kernel privilege when CONFIG_PPPOL2TP is enabled.
KernelCare for CentOS & RHEL 7
Updates to CageFS, LVE Manager & LVE Stats
 

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/