An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.
This issue does not affect systems that do not have a large enough address space to exploit this flaw. Systems with less than 32GB of RAM are also very unlikely to be affected by this issue due to the memory demand required during exploitation.
The fix for this flaw is available on the KernelCare test channel provided by CloudLinux and covers all kernels except Xen PV. There are still some issues with Xen PV kernels, so please do not apply the fix on Xen PV kernels. The CloudLinux team is still working on a fix for Xen PV.
To deploy one of the patches, edit /etc/sysconfig/kcare/kcare.conf and add the following line:
PREFIX=test
Then run the command:
kcarectl --update
If your tests reveal any issues or if you need any further details, please contact us as soon as possible.
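Added example (not CloudLinux code): a shell wrapper for the two deployment steps above that declines to run on Xen PV guests and sets PREFIX=test exactly once. The function names are hypothetical, and it assumes Xen guests expose /sys/hypervisor/type and, on kernels that provide it, /sys/hypervisor/guest_type; if the guest type cannot be read on Xen, it declines rather than guessing.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical; PREFIX=test,
# the kcare.conf path and `kcarectl --update` are the only parts taken from the
# advisory. Xen detection via /sys/hypervisor is an assumption of this example.

# Classify the guest: prints "xen-pv", "xen-unknown" or "ok".
# $1 = sysfs hypervisor directory (a parameter so it can be pointed at test data).
xen_pv_status() {
    dir="${1:-/sys/hypervisor}"
    [ "$(cat "$dir/type" 2>/dev/null)" = "xen" ] || { echo ok; return; }
    case "$(cat "$dir/guest_type" 2>/dev/null)" in
        PV)      echo xen-pv ;;
        HVM|PVH) echo ok ;;
        *)       echo xen-unknown ;;   # guest_type missing: cannot rule out PV
    esac
}

# Set PREFIX=<value> in a kcare.conf-style file exactly once.
# Replaces an existing PREFIX= line, otherwise appends; keeps a .bak copy.
set_prefix() {
    conf="$1"; value="$2"
    [ -f "$conf" ] || return 1
    grep -qx "PREFIX=$value" "$conf" && return 0      # already set: no-op
    cp -p "$conf" "$conf.bak" || return 1
    if grep -q '^PREFIX=' "$conf"; then
        sed "s|^PREFIX=.*|PREFIX=$value|" "$conf.bak" > "$conf"
    else
        [ -n "$(tail -c1 "$conf")" ] && echo >> "$conf"   # file lacked final newline
        printf 'PREFIX=%s\n' "$value" >> "$conf"
    fi
}

# Decline on Xen PV (or undetermined Xen), otherwise switch channel and update.
# $1 = config file, $2 = sysfs hypervisor dir, $3 = update command (kcarectl).
deploy_test_fix() {
    conf="${1:-/etc/sysconfig/kcare/kcare.conf}"
    guest="$(xen_pv_status "${2:-/sys/hypervisor}")"
    if [ "$guest" != "ok" ]; then
        echo "skipping: guest is $guest, the fix is not ready for Xen PV" >&2
        return 2
    fi
    set_prefix "$conf" test || return 1
    "${3:-kcarectl}" --update
}
```

Run `deploy_test_fix` as root with no arguments to use the real paths; the previous configuration is kept as kcare.conf.bak.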
Current statuses per distro:
For the newer versions: