CloudLinux - CloudLinux Blog - Major vulnerability: The Stack Clash security issue found that affects most Linux kernels

Major vulnerability: The Stack Clash security issue found that affects most Linux kernels

[Last updated Jun 22, 12:05PM PDT]

A new major local privilege escalation vulnerability in the Linux kernel was disclosed yesterday, June 19th, 2017 (CVE-2017-1000364). The vulnerability can be exploited to allow an unprivileged local user to gain root access to the server.

Qualys' security advisory shows practical methods for circumventing an exploit protection mechanism known as the "stack guard page". A flaw was found in the way memory was being allocated on the stack for user-space binaries. If the heap (or a different memory region) and the stack memory region were adjacent to each other, an attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, and thus escalate their privileges on the system. To read more about the stack guard page vulnerability, visit this post.
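To make "adjacent memory regions" concrete, here is a small diagnostic, added as an example for this post and not CloudLinux or KernelCare code, that reads a process's `/proc/<pid>/maps` and reports how many unmapped pages separate the bottom of the `[stack]` mapping from the closest mapping below it. The two sample maps excerpts are constructed for the example; the reading of the result (a single page of separation is the situation the advisory's technique relies on, while kernels carrying the fix for CVE-2017-1000364 keep a much larger gap, 256 pages by default via the `stack_guard_gap` boot parameter) is an assumption about the kernel fix rather than something this post states.

```python
"""Report the unmapped gap between a process's [stack] mapping and the
nearest mapping beneath it, using the /proc/<pid>/maps format.

Added example, not CloudLinux/KernelCare code. Helps visualise why a
region sitting right next to the stack matters for Stack Clash.
"""
import re
from typing import List, Optional, Tuple

PAGE = 4096  # page size assumed for the arithmetic below (x86-64 default)

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\d+\s*(.*)$"
)

Region = Tuple[int, int, str, str]  # (start, end, perms, path)


def parse_maps(text: str) -> List[Region]:
    """Parse maps text into (start, end, perms, path) tuples, sorted by address."""
    regions: List[Region] = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), m.group(4)))
    return sorted(regions)


def stack_gap_pages(regions: List[Region]) -> Optional[int]:
    """Number of unmapped pages between the end of the highest mapping that
    lies below the stack and the start of the [stack] region.
    Returns None when there is no [stack] mapping or nothing below it."""
    stack = next((r for r in regions if r[3] == "[stack]"), None)
    if stack is None:
        return None
    below = [r for r in regions if r[1] <= stack[0]]
    if not below:
        return None
    nearest_end = max(r[1] for r in below)
    return (stack[0] - nearest_end) // PAGE


def read_live_gap(pid: str = "self") -> Optional[int]:
    """Run the check against a live Linux process (requires /proc)."""
    with open(f"/proc/{pid}/maps", encoding="utf-8") as fh:
        return stack_gap_pages(parse_maps(fh.read()))


# Constructed sample: an anonymous mapping ends one page below the stack,
# i.e. only a single page of separation.
SAMPLE_TIGHT = """
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/example
00601000-00602000 rw-p 00001000 08:01 1234 /usr/bin/example
7ffffffdc000-7ffffffdd000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed sample: the nearest mapping sits 1 MiB (256 pages) below
# the stack, the default gap a patched kernel enforces (assumption).
SAMPLE_WIDE = """
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/example
7fffffedd000-7fffffede000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for name, sample in (("tight", SAMPLE_TIGHT), ("wide", SAMPLE_WIDE)):
        print(f"{name}: {stack_gap_pages(parse_maps(sample))} page(s) below [stack]")
    try:
        print(f"this process: {read_live_gap()} page(s) below [stack]")
    except OSError:
        print("no /proc available on this system")
```

Run it on a Linux host to see the gap for the current interpreter; a result in the hundreds of pages is what a kernel carrying the fix is expected to show, while a result of one or zero pages indicates the pre-fix layout.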

This vulnerability affects most kernels. The KernelCare team, as always, is urgently working on releasing patches, with some distributions being promptly covered by the end of today (Tuesday, June 20th, 2017), and most soon after (we will be updating the release schedule below). Major Linux distributions have released kernel updates with a fix, which requires a reboot. However, if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, without any downtime.

When you install KernelCare, whether a paid or a trial version, it will bring your kernels up-to-date with all patches instantly. It installs with a single command in just minutes, without a reboot, and it will ensure you never miss another kernel security patch, as they will be automatically installed to your live kernel going forward.

If you’d like to update your kernels as soon as the fix is released, you can get KernelCare for free for 30 days here. To learn more about KernelCare, visit this page.

Timeline for patch releases for KernelCare:

CloudLinux OS 7 - Jun 21, 2017
CloudLinux OS 6 Hybrid - Jun 21, 2017
CloudLinux OS 6 - Jun 22, 2017
RHEL 7 - Jun 21, 2017
RHEL 6 - Jun 22, 2017
CentOS 7 Plus - Jun 21, 2017
Proxmox VE 3.10 - Jun 21, 2017
Proxmox VE 2.6 - Jun 22, 2017
Proxmox VE 4.x - Jun 22, 2017
Ubuntu 3.13, 4.4 & 4.8 kernels - Jun 21, 2017
CentOS 7 - Jun 21, 2017
CentOS 6 - Jun 22, 2017
Debian 8 - Jun 21, 2017
Debian 7 - Jun 22, 2017
CentOS 6 Plus - Jun 22, 2017
Virtuozzo/OpenVZ 2.6.32 - Jun 22, 2017
CentOS 6 Alt - to be released
CentOS 7 Alt - to be released

If you have KernelCare, it will bring your kernels up-to-date with these patches automatically, without a reboot.

KernelCare supports most popular Linux distributions. Click here to see the complete list.
