SimplerCloud Pte Ltd


News: Security Advisory: Linux kernel's CXGB3 driver use-after-free vulnerability

Published: 07/04/2016

This advisory is provided as a courtesy.

We would like to bring to your attention a newly discovered use-after-free vulnerability in the Linux kernel's CXGB3 driver, which allows a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code. It mostly affects Ubuntu Server releases (particularly 14.04 LTS and 12.04 LTS), although it is known to affect CentOS 7 as well.


If you are running a vulnerable OS, we strongly recommend that you install the latest kernel patches for your operating system to fix this vulnerability on your servelet. The security bug has been assigned CVE-2015-8812.


Impact

On a kernel affected by this vulnerability, the CXGB3 driver misinterprets network congestion as an error condition and incorrectly frees or cleans up the socket buffer (skb). When the device later sends the skb's queued data, it references these already-freed structures. A local attacker (that is, a privileged user within your OS) could use this flaw to panic the system, causing a denial of service, and escalate privileges.


Affected Server


Operating systems affected by this vulnerability include, but are not limited to:


- Ubuntu Server 14.04 LTS
- Ubuntu Server 12.04 LTS
- CentOS 7

How to Fix the Problem


Install the latest kernel patches for your operating system, then restart your servelet so that the new kernel takes effect.


On Ubuntu systems:


sudo apt-get update
sudo apt-get dist-upgrade

and then reboot the system.

On CentOS systems:

yum update

and then reboot the system.
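As an added example, not part of this advisory or of any SimplerCloud tooling, the POSIX shell helpers below confirm after patching that the newest installed kernel is the one actually running (if not, the servelet still needs a reboot) and report whether the cxgb3 driver is loaded. The lsmod sample is constructed; GNU sort -V and either dpkg-query (Ubuntu) or rpm (CentOS) are assumed.

```shell
#!/bin/sh
# Added example, not from the advisory: verify that the kernel patch for
# CVE-2015-8812 is installed and active. Assumes GNU coreutils (sort -V)
# and dpkg-query (Ubuntu) or rpm (CentOS).

# Highest installed kernel version, in the same form as `uname -r`.
latest_installed_kernel() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Status}\n' 'linux-image-[0-9]*' 2>/dev/null \
            | awk '$NF == "installed" { sub(/^linux-image-/, "", $1); print $1 }' \
            | sort -V | tail -n 1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null \
            | sort -V | tail -n 1
    fi
}

# kernel_update_pending RUNNING LATEST
#   0: a newer kernel is installed but not yet booted (reboot still required)
#   1: the running kernel is the newest installed one
#   2: installed kernels could not be determined
kernel_update_pending() {
    [ -n "$2" ] || return 2
    [ "$1" != "$2" ]
}

# cxgb3_in_use LSMOD_TEXT: succeeds if the cxgb3 module is listed in lsmod-style output.
cxgb3_in_use() {
    printf '%s\n' "$1" | awk '$1 == "cxgb3" { found = 1 } END { exit !found }'
}

# Constructed lsmod sample for offline use; on a real host pass "$(lsmod)" instead.
SAMPLE_LSMOD='Module                  Size  Used by
cxgb3                 149312  0
mdio                   16384  1 cxgb3'

# Print this host's patch status; run after apt-get dist-upgrade / yum update.
advisory_status() {
    running=$(uname -r)
    latest=$(latest_installed_kernel)
    rc=0; kernel_update_pending "$running" "$latest" || rc=$?
    case $rc in
        0) echo "REBOOT REQUIRED: running $running, newest installed $latest" ;;
        2) echo "UNKNOWN: no supported package manager found" ;;
        *) echo "OK: running the newest installed kernel $running" ;;
    esac
    cxgb3_in_use "$(lsmod 2>/dev/null)" && echo "NOTE: cxgb3 driver is loaded on this host"
    return 0
}
```

Call advisory_status once before and once after the reboot; the first run should report REBOOT REQUIRED and the second OK.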


More information


USN-2946-1: Linux kernel vulnerabilities
CVE-2015-8812


Request Assistance


If needed, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", GNU C Library and Poodle SSLV3 Vulnerability - $10.

Alternatively, first open a support ticket and give us the hostname, IP address and OS template. You can find this information in your servelet's control panel.

For example:

Hostname: test-dd
IP Address: 103.25.202.81
OS Template: CentOS 6.5 (64-bit) 20140123a

Thank you.

SimplerCloud Support Team