Security warning: major vulnerability found in Linux kernels that affects most kernels

A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability where the same memory location is freed by kernel twice. The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access to the server.

This vulnerability affects most kernels! Add KernelCare to your server today to automatically patch this vulnerability without needing to reboot your server.

The KernelCare team urgently worked on releasing a patch for every Linux distribution they support, as soon as they became aware of the vulnerability. RedHat and Debian had also released updated kernels – however, they will require you to reboot servers. But if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, WITHOUT any downtime.

When you install KernelCare, it will bring your kernels up-to-date with all patches instantly. It installs with a single line of code in just minutes, without a reboot, and it will ensure you never miss another kernel security patch as they will be automatically installed to your live kernel going forward.

If you are interested in adding KernelCare to your Linux server today, please contact our sales department at sales@quadranet.com or by phone at 888-5-QUADRA to inquire about the benefits of utilizing KernelCare on your server. QuadraNet is an official partner of KernelCare and can immediately activate licenses and assist with configuring your server to work with KernelCare.

To learn more about KernelCare, visit their website.

KernelCare was able to successfully patch this vulnerability for each Linux distribution on the below dates:

  • Ubuntu 16.04 – Feb 24, 2017
  • Ubuntu 14.04 – Feb 24, 2017
  • RHEL 7 – Feb 22, 2017
  • RHEL 6 – Feb 22, 2017
  • RHEL 5 – Feb 25, 2017
  • CentOS 7 – Feb 22, 2017
  • CentOS 6 – Feb 22, 2017
  • CentOS 5 – Feb 25, 2017
  • CloudLinux OS 7 –  Feb 22, 2017
  • CloudLinux OS 6 –  Feb 22, 2017
  • CloudLinux OS 5 – Feb 25, 2017
  • CentOS 6 Plus –  Feb 22, 2017
  • CentOS 7 Plus –  Feb 22, 2017
  • CentOS 6 Alt –  Feb 22, 2017
  • CentOS 7 Alt –  Feb 22, 2017
  • Debian 7 & 8 – Feb 24, 2017
  • Virutozzo/OpenVZ 2.6 –  Feb 22, 2017
  • Proxmox 3.10 –  Feb 22, 2017
  • Proxmox 4.2/4.4 – Feb 24, 2017