CloudLinux OS Blog

Major 9.8 vulnerability affects multiple Linux kernels: CVE-2019-8912 (af_alg_release())

The KernelCare team are tracking a new vulnerability, CVE-2019-8912.

Our assessment is that the cause is this commit, which introduced the "sockfs_setattr()" function. The function neglects to null out values in a structure, leaving them usable after the function has exited (a so-called 'use-after-free' error).
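To make the mechanism concrete, here is an added C model of the pattern described above; it is not the kernel's code and not KernelCare's. It places a release routine that drops an object without clearing the pointer to it beside the fixed version that clears it, and a sockfs_setattr()-style uid update that shows the difference. The struct layout, the `live` flag standing in for free(), and the return codes are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model of the CVE-2019-8912 pattern (not the kernel's code): a
 * socket owns a pointer to its sock; release drops the sock, and a later uid
 * update (sockfs_setattr(), reached via chown on the socket inode) writes
 * through socket->sk, so a dangling pointer means a write into freed memory. */
struct sock {
    int live;       /* 1 while allocated, 0 once released (stands in for free) */
    unsigned uid;
};
struct socket { struct sock *sk; };
/* Stand-in for sock_put(): marks the sock released instead of freeing it, so
 * a dangling access is detectable instead of undefined behaviour. */
static void sock_put(struct sock *sk) { sk->live = 0; }

/* Buggy release: the sock is dropped but socket->sk still points at it. */
int af_alg_release_buggy(struct socket *sock)
{
    if (sock->sk)
        sock_put(sock->sk);
    return 0;
}
/* Fixed release: the pointer is cleared so nothing can reach the dead sock. */
int af_alg_release_fixed(struct socket *sock)
{
    if (sock->sk) {
        sock_put(sock->sk);
        sock->sk = NULL;
    }
    return 0;
}

/* Model of sockfs_setattr(): 0 on success, -ENOENT if the socket has no sock,
 * -1 if it would write into a released sock (the use-after-free). */
int sockfs_setattr_uid(struct socket *sock, unsigned new_uid)
{
    if (!sock->sk)
        return -ENOENT;
    if (!sock->sk->live)
        return -1;
    sock->sk->uid = new_uid;
    return 0;
}
/* Release (if given), then update the uid; returns the setattr result. */
int run_scenario(int (*release)(struct socket *), unsigned new_uid)
{
    struct sock sk = { 1, 0 };
    struct socket sock = { &sk };
    if (release)
        release(&sock);
    return sockfs_setattr_uid(&sock, new_uid);
}
```

With the buggy release the later update reaches the released sock; with the fixed release it fails cleanly with -ENOENT instead.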

Our team has already released live patches for key customers and Amazon Linux and, being no strangers to weekend work, is right now making patches available for the full range of affected kernels, which are:

  • Ubuntu Bionic (and HWE kernels based on it)
  • Proxmox VE 5

KernelCare constantly monitors for Linux kernel vulnerabilities and is always among the first live patching providers to issue patches across our wide range of supported Linux distributions.

KernelCare, by CloudLinux, Inc., is the leading multi-platform live patching solution for Linux kernels. It keeps your servers safe, automatically downloading and installing the latest security patches; it keeps your servers running, updating kernels without rebooting, without interruption to processes or people. KernelCare is the missing link in Linux server security.

Comments 7

Guest - Ryan Smith on Friday, 22 February 2019 19:01

So is the CloudLinux 7 kernel not affected as it's not listed above?

Igor Seletskiy on Friday, 22 February 2019 19:06

Correct. We initially thought that it was, but after detailed investigation figured out that only kernels 4.9 and higher are affected.

Guest - Lucas Rolff on Friday, 22 February 2019 20:59

NVD links to Symantec's "securityfocus.com" website, which lists kernels prior to 4.9 being vulnerable as well: https://www.securityfocus.com/bid/107063

Guest - Andre on Friday, 22 February 2019 21:55

Thanks Igor and team!

Guest - Joe on Friday, 22 February 2019 22:36

Hello, so are the CloudLinux 6 / CentOS 6 / CentOS 7 kernels not affected too, as they're not listed above? Thanks

Igor Seletskiy on Friday, 22 February 2019 22:54

CloudLinux 6 / CentOS 6 are not affected.
SecurityFocus is wrong. We posted this post partially based on info from securityfocus. Yet, once kernel developers looked at the code / and what caused the vulnerability -- they identified that the problem starts only with 4.9 kernels.
Red Hat has the same verdict:
https://access.redhat.com/security/cve/cve-2019-8912

As you can see, only kernel-alt (which is not a regular RHEL kernel; it is based on 4.x) is affected; all others are not affected.

Guest - Marvin on Monday, 25 February 2019 23:24

Thanks for information, great work
