A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability in which the same memory location is freed by the kernel twice (a double free). The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access to the server.
This vulnerability affects most kernels!
The KernelCare team, as always, is urgently working on releasing patches, with some distributions covered by the end of today (Wednesday, February 22nd, 2017), and most by tomorrow (see release schedule below). Major Linux distributions are working on releasing kernel updates with a fix as well. Red Hat and Debian have already released updated kernels; however, they will require you to reboot servers. But if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, WITHOUT any downtime.
When you install KernelCare, whether a paid or a trial version, it will bring your kernels up-to-date with all patches instantly. It installs with a single line of code in just minutes, without a reboot, and it will ensure you never miss another kernel security patch as they will be automatically installed to your live kernel going forward.
If you’d like to update your kernels as soon as the fix is released, you can get KernelCare for free for 30 days now, or purchase licenses here (from $2.25 per server/mo).
To learn more about KernelCare, visit this page.
Timeline for patch releases for KernelCare:
- Ubuntu 16.04 - Feb 24, 2017
- Ubuntu 14.04 - Feb 24, 2017
- RHEL 7 - Feb 22, 2017
- RHEL 6 - Feb 22, 2017
- RHEL 5 - Feb 25, 2017
- CentOS 7 - Feb 22, 2017
- CentOS 6 - Feb 22, 2017
- CentOS 5 - Feb 25, 2017
- CloudLinux OS 7 - Feb 22, 2017
- CloudLinux OS 6 - Feb 22, 2017
- CloudLinux OS 5 - Feb 25, 2017
- CentOS 6 Plus - Feb 22, 2017
- CentOS 7 Plus - Feb 22, 2017
- CentOS 6 Alt - Feb 22, 2017
- CentOS 7 Alt - Feb 22, 2017
- Debian 7 & 8 - Feb 24, 2017
- Virtuozzo/OpenVZ 2.6 - Feb 22, 2017
- Proxmox 3.10 - Feb 22, 2017
- Proxmox 4.2/4.4 - Feb 24, 2017
If you have KernelCare, it will bring your kernels up-to-date with these patches automatically, without a reboot. KernelCare supports most popular Linux distributions.