CloudLinux - CloudLinux Blog - KernelCare - new privilege escalation vulnerability CVE-2014-4943
KernelCare Blog

KernelCare - new privilege escalation vulnerability CVE-2014-4943

CentOS 6, RHEL 6, CloudLinux 6 and OpenVZ kernels can now be patched against CVE-2014-4943. Patched kernels are not yet available from the vendors, but due to the nature of the issue, we wanted to release the patch as soon as possible.

CVEs: CVE-2014-4943

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Details:
  • CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()
    A flaw in the Linux kernel allows an unprivileged user to escalate to kernel privilege when CONFIG_PPPOL2TP is enabled.
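
The two conditions named above (CONFIG_PPPOL2TP enabled, and AUTO_UPDATE in kcare.conf) can be triaged per host with a short script. This is an added example, not KernelCare's own tooling; the function names are hypothetical, and it assumes the kernel config is a readable file such as /boot/config-$(uname -r) and that a missing AUTO_UPDATE key means the default of True stated in the post.

```shell
#!/bin/sh
# Added example: configuration triage for CVE-2014-4943 on a KernelCare host.
# It reads config files only; it does not confirm that a patch is loaded.

# Print "builtin", "module", "disabled" or "unknown" for CONFIG_PPPOL2TP.
pppol2tp_state() {
    [ -r "$1" ] || { echo unknown; return; }
    # Config lines look like CONFIG_PPPOL2TP=m or "# CONFIG_PPPOL2TP is not set".
    case "$(sed -n 's/^CONFIG_PPPOL2TP=\([ym]\)$/\1/p' "$1" | tail -n 1)" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo disabled ;;
    esac
}

# Print "on" or "off" for AUTO_UPDATE in kcare.conf.
# Assumption: a missing file or key means the default (True, per the post).
kcare_auto_update() {
    val=True
    if [ -r "$1" ]; then
        found=$(sed -n 's/^[[:space:]]*AUTO_UPDATE[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" | tail -n 1)
        if [ -n "$found" ]; then val=$found; fi
    fi
    case "$val" in
        [Tt][Rr][Uu][Ee]) echo on ;;
        *) echo off ;;
    esac
}

# Combine both checks into one verdict line: assess <kernel-config> <kcare.conf>
assess() {
    state=$(pppol2tp_state "$1")
    auto=$(kcare_auto_update "$2")
    if [ "$state" = unknown ]; then
        echo "unknown: cannot read kernel config $1"
    elif [ "$state" = disabled ]; then
        echo "not-affected: CONFIG_PPPOL2TP is not enabled"
    elif [ "$auto" = on ]; then
        echo "auto-patch: PPPoL2TP is $state, AUTO_UPDATE is on"
    else
        echo "action-needed: PPPoL2TP is $state, run /usr/bin/kcarectl --update"
    fi
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then assess "$1" "$2"; fi
```

Invoke it with the running kernel's config and /etc/sysconfig/kcare/kcare.conf as the two arguments; the first word of the output is suitable for grepping across a fleet.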