KernelCare Blog

New vulnerability found in Linux kernel: error handling can lead to corruption and DoS

New vulnerability found in Linux kernel: error handling can lead to corruption and DoS

A ptrace virtualization code to the debug registers has an incorrect error handling which was discovered by Andy Lutomirski and disclosed today (CVE-2018-1000199). This vulnerability can lead to corruption and DoS. In practice, if an illegal value is written, such as DR0, the internal state of the kernel's breakpoint tracking can become corrupt even though the ptrace() call will return -EINVAL.

This error reported has illustrated exploits for x86 kernels, but other kernels can be affected as well. According to Andy, “the bug itself is spread all over the place in the kernel in generic and arch code”.

Major Linux distributions will be releasing kernel updates with a fix, which requires a reboot. However, if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, without any downtime.

When you install KernelCare, whether a paid or a trial version, it will bring your kernels up-to-date with all patches instantly. It installs with a single line of code in just minutes, without a reboot, and it will ensure you never miss another kernel security patch as they will be automatically installed to your live kernel going forward. If you’d like to update your kernels as soon as the fix is released, you can get KernelCare for free for 30 days here. To learn more about KernelCare, visit this page.

Timeline for patch releases for KernelCare:

  • CloudLinux OS 7 - released
  • CentOS 7 Plus - released
  • CentOS 7 - released
  • CentOS 6 Alt - released
  • CentOS 7 Alt - released
  • Ubuntu 16.04 - released
  • Ubuntu 14.04 - released
  • RHEL 7 - released
  • Debian 7 - released
  • Debian 8 - released
  • Debian 9 - released
  • Proxmox 3.10 - released
  • Proxmox 4.2 - released
  • Proxmox 5 - released

Topic: KernelCare Blog

3750 people viewed this

Comments (11)

 
by Guest - Michael Denney / Tuesday, 01 May 2018 18:58

Corruption in what sense? Data in RAM? Storage data?

This is certainly a good marketing push for KernelCare - I'll give you that - but a little more detail as to the effects of this being executed on a live system would be appreciated.

Corruption in what sense? Data in RAM? Storage data? This is certainly a good marketing push for KernelCare - I'll give you that - but a little more detail as to the effects of this being executed on a live system would be appreciated.
by Guest - Stéphan Schamp / Wednesday, 02 May 2018 08:16

I would assume System Kernel Memory corruption, which can lead to instability and eventually a crash of the System Kernel thus resulting in DoS.
Redhat goes even further and states that this could potentially lead to Privilege Escalation.
https://access.redhat.com/security/cve/cve-2018-1000199

I would assume System Kernel Memory corruption, which can lead to instability and eventually a crash of the System Kernel thus resulting in DoS. Redhat goes even further and states that this could potentially lead to Privilege Escalation. https://access.redhat.com/security/cve/cve-2018-1000199
by Guest - Michael Denney / Wednesday, 02 May 2018 13:32

Thank you :).

Thank you :).
by Guest - Bob Dog / Thursday, 03 May 2018 13:27

No CloudLinux 6 on this list yet? Hmm

No CloudLinux 6 on this list yet? Hmm
by Guest - Michael Denney / Thursday, 03 May 2018 13:37

It isn’t affected by this bug.

It isn’t affected by this bug.
by Guest - Irina Semenova / Monday, 07 May 2018 17:58

The previous answer was right. Yes, CloudLinux 6 is not affected

The previous answer was right. Yes, CloudLinux 6 is not affected
by Guest - Ada / Sunday, 13 May 2018 00:49

Do you will release a patch for OpenVZ 6? I do not see a patch for it:

>kpatch-build-time: Thu Apr 19 21:02:02 2018

Do you will release a patch for OpenVZ 6? I do not see a patch for it: >kpatch-build-time: Thu Apr 19 21:02:02 2018
by Igor Seletskiy / Sunday, 13 May 2018 00:58

OpenVZ 6 is not affected.

OpenVZ 6 is not affected.
by Guest - Mark McDonald / Wednesday, 16 May 2018 03:39

Has anyone had issues with Red Hat support when also running an updated kernel?

Has anyone had issues with Red Hat support when also running an updated kernel?
by Guest - Vladimir Marchuk / Thursday, 24 May 2018 10:22

I am sorry, but it's not quite clear what do you mean. Could you please be more specific?

I am sorry, but it's not quite clear what do you mean. Could you please be more specific?
by Guest - Mark McDonald / Thursday, 24 May 2018 10:39

I was wondering if anyone had experience with Red Hat not providing support due to the modded kernel - but I have my answer here: https://access.redhat.com/articles/1067

I was wondering if anyone had experience with Red Hat not providing support due to the modded kernel - but I have my answer here: https://access.redhat.com/articles/1067

Leave your comment

Guest, Tuesday, 21 August 2018

Captcha Image