The systemtap scripts recommended by RedHat https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 and many other people as workaround against CVE-2016-5195 (a.k.a DirtyCow) might be ineffective against new variations of the attack like this one:
[correction Oct 22, 7:04am: this particular exploit uses ptrace, and our kernel team corrected me that so far the systemtap script that Redhat recommends does protect against all known potential vectors of attack]
What is more, we know that in some rare situations it can conflict with KernelCare and crash the server.
To eliminate those accidents, we are preparing automated systemtap/kprobe detection that will be baked into the patch. It was already in our CentOS/CL6 patches.
We are about 24 hours away from making that stable.
We understand that you need the protection now. So, in the next few hours, we will release our patches without systemtap/kprobe protection into the test repository.
IF YOU DON'T NEED IT NOW, JUST WAIT, AND YOU WILL BE SAFELY AND AUTOMATICALLY UPDATED WITHIN 24 HOURS
To receive those patches:
If you have installed systemtap script against DirtyCow, uninstall/unload it.
After that run:
$ echo "PREFIX=test" >> /etc/sysconfig/kcare/kcare.conf
After that, KernelCare will start taking updates from test repository.
This is a manual process specifically to let people with the systemtap script have a chance to remove those scripts and avoid crashes.
In the future - you will need to remove the PREFIX=test line from kcare.conf
and within 24 hours we will publish new patches that automatically detect the systemtap script.