Summary: This content provides an update on the deployment of a live patch for CVE-2024-1086 for CloudLinux users and includes instructions for manual updates.
Threat Actor: N/A
Victim: CloudLinux users
Key Point:
- The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users.
- Patches have already been released for CloudLinux 6h and CloudLinux 7, and users can manually update without a live patch.
- The vulnerability affects the Netfilter subsystem of the Linux kernel and can lead to local privilege escalation.
- Patching is strongly recommended as there is publicly available proof-of-concept code for exploiting this vulnerability.
- Patches for CloudLinux 6h and CloudLinux 7 are currently in a test feed and passing Quality Assurance.
- The ETA for the release of the patch for CloudLinux 7 is April 8th, and for CloudLinux 6h is April 10th.
- Users can follow the status of the release in the TuxCare CVE tracker.
Update April 8th, 2024: Updated ETA for CloudLinux 6h and CloudLinux 7.
The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users. A patch has already been released for CloudLinux 6h and CloudLinux 7, and users can manually update without a live patch. Instructions for doing so can be found here.
More details on the status of the live patch availability below.
About the CVE
This vulnerability was identified in the Netfilter subsystem of the Linux kernel. This flaw can be found in the nft_verdict_init() function, which enables positive values to be interpreted as drop errors in the hook verdict. As a consequence, the nf_hook_slow() function can trigger a double-free vulnerability when NF_DROP is issued with a drop error similar to NF_ACCEPT. Exploiting this issue in the nf_tables component could lead to local privilege escalation.
TuxCare strongly suggests patching as soon as possible, as this vulnerability has publicly available proof-of-concept code that makes it trivially exploitable for a local user on a vulnerable system.
Live Patch Status
Patches for CloudLinux 6h and CloudLinux 7 are currently in a test feed and passing Quality Assurance. ETA for release for CloudLinux 7 is April 8th. ETA for release for CloudLinux 6h is April 10th.
Note: As this vulnerability affects multiple versions across different distributions, you can follow the status of the release in the TuxCare CVE tracker here.
Check this blog post again for an update.
Summary
Article Name
Patches for CVE-2024-1086 for CloudLinux 6h, 7 Users
Description
The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users. Instructions for doing so can be found here.
Author
Joao Correia
Publisher Name
TuxCare
Publisher Logo
Source: https://tuxcare.com/blog/patches-for-cve-2024-1086-for-cloudlinux-6h-7-users-on-kernelcare-live/
“An interesting youtube video that may be related to the article above”