The KernelCare team has announced that a major vulnerability has been found in their Linux kernels. Their security team is currently tracking the vulnerability as CVE-2019-8912.

As of Friday, February 22, 2019, their assessment is that the introduction of a "sockfs_setattr()" function is the cause of this possible security bug. This function neglects to null out values in a structure, leaving those values usable after the function exits (a so-called ‘use-after-free’ error).
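The bug class described above can be shown with a small userland model. This is an added example, not kernel code and not KernelCare's patch; every name in it is hypothetical, and a one-slot pool stands in for the allocator so that reuse of the freed object is deterministic.

```c
#include <stdio.h>
#include <stddef.h>

/* Userland model only: struct and function names are hypothetical. */
struct sk { int in_use; unsigned uid; };
struct sock_model { struct sk *sk; };

static struct sk pool[1];   /* one slot, so the next allocation reuses it */

static struct sk *sk_alloc(unsigned uid) {
    if (pool[0].in_use) return NULL;
    pool[0].in_use = 1;
    pool[0].uid = uid;
    return &pool[0];
}
static void sk_free(struct sk *sk) { sk->in_use = 0; }

/* Release that frees the object but leaves the pointer in the structure. */
static void release_stale(struct sock_model *s) { if (s->sk) sk_free(s->sk); }

/* Release that frees the object and nulls the pointer. */
static void release_cleared(struct sock_model *s) {
    if (s->sk) { sk_free(s->sk); s->sk = NULL; }
}

/* Attribute update: trusts any non-NULL pointer left in the structure. */
static int setattr_uid(struct sock_model *s, unsigned uid) {
    if (s->sk == NULL) return -1;
    s->sk->uid = uid;
    return 0;
}

/* Release socket a, let socket b reuse the slot, then apply a late
 * attribute update to a. Returns the uid that b ends up holding. */
static unsigned run(void (*release)(struct sock_model *)) {
    struct sock_model a = { sk_alloc(1000) };
    release(&a);
    struct sock_model b = { sk_alloc(2000) };  /* gets the freed slot */
    setattr_uid(&a, 4242);                     /* update on released socket */
    unsigned result = b.sk->uid;
    release_cleared(&b);                       /* leave the pool empty */
    return result;
}

int main(void) {
    printf("pointer left in place: b.uid = %u\n", run(release_stale));
    printf("pointer nulled:        b.uid = %u\n", run(release_cleared));
    return 0;
}
```

With the pointer left in place, the late update lands in an object now owned by the second socket; with the pointer nulled, the update is rejected and the second socket's value is untouched.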

Live patches have already been released for key customers and Amazon Linux, and the KernelCare team is currently creating patches for the full range of affected kernels, which are:

  • Ubuntu Bionic (and the HWE kernels based on it)
  • Proxmox VE 5

For more information about the vulnerability, please make sure to visit the official KernelCare blog.

KernelCare is constantly monitoring vulnerabilities in the Linux kernel and is a leading provider of patch solutions for our wide range of supported Linux distributions. To learn more about the leader in cross-platform direct fix solutions for Linux kernels, please visit our page or talk with our support team at any time.



 Friday, February 22, 2019
