The KernelCare team are tracking a new vulnerability, CVE-2019-8912.
Our assessment is that the cause is this commit, the introduction of a "sockfs_setattr()" function. This function neglects to null-out values in a structure, making their values usable after exiting from the function (a so-called ‘use-after-free’ error).
Our team have already released live patches for key customers and Amazon Linux, and not unaccustomed to weekend working, are right now making patches available for the full range of affected kernels, which are:
- Ubuntu Bionic (and HWE kernels based on it)
- Proxmox VE 5
KernelCare is constantly monitoring for Linux kernel vulnerabilities and are always among the first live patching solution providers to issue patches for our wide range of supported Linux distributions.
KernelCare, by CloudLinux, Inc., is the leading multi-platform live patching solution for Linux kernels. It keeps your servers safe, automatically downloading and installing the latest security patches; it keeps your servers running, updating kernels without rebooting, without interruption to processes or people. KernelCare is the missing link in Linux server security.