KernelCare Blog

Security warning: major vulnerability found in Linux kernels that affects most kernels

Security warning: major vulnerability found in Linux kernels that affects most kernels

A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability where the same memory location is freed by kernel twice. The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access to the server.

This vulnerability affects most kernels! 

The KernelCare team, as always, is urgently working on releasing patches, with some distributions being promptly covered by the end of today (Wednesday, February 22nd, 2017), and most by tomorrow (see release schedule below). Major Linux distributions are working on releasing kernel updates with a fix as well. RedHat and Debian already released updated kernels - however, they will require you to reboot servers. But if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, WITHOUT any downtime.

When you install KernelCare, whether a paid or a trial version, it will bring your kernels up-to-date with all patches instantly. It installs with a single line of code in just minutes, without a reboot, and it will ensure you never miss another kernel security patch as they will be automatically installed to your live kernel going forward.

If you’d like to update your kernels as soon as the fix is released, you can get KernelCare for free for 30 days now, or purchase licenses here (from $2.25 per server/mo). 

To learn more about KernelCare, visit this page

 

Timeline for patch releases for KernelCare:

  • Ubuntu 16.04 - Feb 24, 2017
  • Ubuntu 14.04 - Feb 24, 2017
  • RHEL 7 - Feb 22, 2017
  • RHEL 6 - Feb 22, 2017
  • RHEL 5 - Feb 25, 2017
  • CentOS 7 - Feb 22, 2017
  • CentOS 6 - Feb 22, 2017
  • CentOS 5 - Feb 25, 2017
  • CloudLinux OS 7 -  Feb 22, 2017
  • CloudLinux OS 6 -  Feb 22, 2017
  • CloudLinux OS 5 - Feb 25, 2017
  • CentOS 6 Plus -  Feb 22, 2017
  • CentOS 7 Plus -  Feb 22, 2017
  • CentOS 6 Alt -  Feb 22, 2017
  • CentOS 7 Alt -  Feb 22, 2017
  • Debian 7 & 8 - Feb 24, 2017
  • Virutozzo/OpenVZ 2.6 -  Feb 22, 2017
  • Proxmox 3.10 -  Feb 22, 2017
  • Proxmox 4.2/4.4 - Feb 24, 2017

If you have KernelCare, it will bring your kernels up-to-date with these patches automatically, without a reboot. KernelCare supports most popular Linux distributions

Topic: KernelCare Blog , Tags: #security,

13500 people viewed this

Comments (12)

 
by Guest - Michael Denney / Thursday, 23 February 2017 04:23

It would be Fantastic if CloudLinux and KernelCare would have gotten notified when the major Linux distributions got notified so that patches could have been put in place more quickly.

It would be Fantastic if CloudLinux and KernelCare would have gotten notified when the major Linux distributions got notified so that patches could have been put in place more quickly.
by Igor Seletskiy / Thursday, 23 February 2017 13:06

yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members for the last 3-4 years. It is pretty sad situation.

yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members for the last 3-4 years. It is pretty sad situation.
by Guest - Jim / Thursday, 23 February 2017 20:01

It is VERY disappointing that CloudLinux alone (without KernelCare) still has no update, when plain Centos is already patched and updated.

It is VERY disappointing that CloudLinux alone (without KernelCare) still has no update, when plain Centos is already patched and updated.
by Igor Seletskiy / Friday, 24 February 2017 13:01

It takes much longer to prepare & test the fix for the full kernel.

It takes much longer to prepare & test the fix for the full kernel.
by Guest - Noone / Friday, 24 February 2017 00:52

why there is no other posts online about this vulnerability ? and why I came here from a facebook promoted post?

why there is no other posts online about this vulnerability ? and why I came here from a facebook promoted post?
by Kateryna Obiidykhata / Friday, 24 February 2017 12:47

1. Here you can find the announcement about the vulnerability found - http://seclists.org/oss-sec/2017/q1/471 2. Because you have clicked on our post.

1. Here you can find the announcement about the vulnerability found - http://seclists.org/oss-sec/2017/q1/471 2. Because you have clicked on our post.
by Igor Seletskiy / Friday, 24 February 2017 13:01

It takes much longer to prepare & test the fix for the full kernel.

It takes much longer to prepare & test the fix for the full kernel.
by Guest - M.R / Friday, 24 February 2017 06:18

IS the fix out there for centos 6.8 ?

IS the fix out there for centos 6.8 ?
by Kateryna Obiidykhata / Friday, 24 February 2017 12:46

Fix out is available for ALL supported distros, but kernelcare-2.10-* is required to apply it.

Fix out is available for ALL supported distros, but kernelcare-2.10-* is required to apply it.
by Guest - Gary D. / Friday, 24 February 2017 22:50

This is click-bait SPAM. Don't fall for this crap. Look at the kernel they are talking about patching. This is a scam to get you to subscribe to something you don't need to. If you have a production environment you would never allow a 'service' to automatically update the kernel in your environment for obvious reasons; doing so would likely take down your production environment.

This is click-bait [b]SPAM[/b]. Don't fall for this crap. Look at the kernel they are talking about patching. This is a scam to get you to subscribe to something you don't need to. If you have a production environment you would never allow a 'service' to automatically update the kernel in your environment for obvious reasons; doing so would likely take down your production environment.
by Igor Seletskiy / Monday, 27 February 2017 13:46

Gary,

I think you are out of date. First of all, this is now needed, as there are published exploits in the wild:
https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074

Second, of all -- we have thousands of customers using it, without "taking down production environment". We are not even the first to do it.
ksplice.com were the first company to offer this service.
Right now livepatch is in mainline kernel, and there are plenty of info on the topic all over the internet: https://en.wikipedia.org/wiki/Patch_(computing)#HOT-PATCHING

Gary, I think you are out of date. First of all, this is now needed, as there are published exploits in the wild: https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 Second, of all -- we have thousands of customers using it, without "taking down production environment". We are not even the first to do it. ksplice.com were the first company to offer this service. Right now livepatch is in mainline kernel, and there are plenty of info on the topic all over the internet: https://en.wikipedia.org/wiki/Patch_(computing)#HOT-PATCHING
by Igor Seletskiy / Monday, 27 February 2017 13:47

The exploit is in the wild:
https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074

The exploit is in the wild: https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074

Leave your comment

Guest, Sunday, 23 April 2017

Captcha Image