This advisory is provided as a courtesy.
We would like to bring to your attention a newly discovered use-after-free vulnerability affecting the Linux kernel's CXGB3 driver, which allows a local attacker to cause a denial of service (system crash) or possibly execute arbitrary code. It mostly affects Ubuntu Server (particularly versions 14.04 LTS and 12.04 LTS), although it is known to affect CentOS 7 as well.
If you are running a vulnerable OS, we strongly recommend that you install the latest kernel patches for your operating system to fix the vulnerability on your servelet. The security bug has been assigned the ID CVE-2015-8812.
Impact
If you are running a kernel affected by this vulnerability, the kernel misinterprets network congestion as an error condition and incorrectly frees (cleans up) the socket buffer (skb). When the device later sends the skb's queued data, these freed structures are referenced. A local attacker (that is, a privileged user within your OS) could use this flaw to panic the system and cause a denial of service, and escalate privileges.
Affected Server
Operating systems affected by this vulnerability include, but are not limited to:
- Ubuntu Server 14.04 LTS
- Ubuntu Server 12.04 LTS
- CentOS 7
How to Fix the Problem
You just need to install the latest kernel patches for your operating system, and restart your servelet afterwards for the new kernel patches to take effect.
On Ubuntu systems:
sudo apt-get update
sudo apt-get dist-upgrade
and then reboot the system.
On CentOS systems:
yum update
and then reboot the system.
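To confirm the fix took effect, the following added example (not part of the original advisory and not SimplerCloud tooling) reports whether the cxgb3 driver is loaded on the host and whether a reboot into the newest installed kernel is still pending. It assumes kernel images live in /boot as vmlinuz-<version>, that the newest image has the latest modification time, and that the RDMA module iw_cxgb3 should be treated like cxgb3; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not SimplerCloud tooling. Function names are hypothetical.
# File paths are parameters so each check can run against sample files.

# Print "loaded", "available" or "absent" for the cxgb3 driver.
#   $1: module list in /proc/modules format
#   $2: modules.dep of the running kernel
# Assumption: the RDMA module iw_cxgb3 is treated the same as cxgb3.
cxgb3_status() {
    if grep -Eq '^(iw_)?cxgb3 ' "$1" 2>/dev/null; then
        echo loaded
    elif grep -Eq '/(iw_)?cxgb3\.ko(\.[a-z0-9]+)?:' "$2" 2>/dev/null; then
        echo available
    else
        echo absent
    fi
}

# Print the version of the newest kernel image in boot directory $1.
# Assumption: image modification time follows build order.
# CentOS rescue images (vmlinuz-0-rescue-*) are skipped.
newest_kernel() {
    ls -t "$1"/vmlinuz-* 2>/dev/null | grep -v -- '-rescue-' |
        head -n 1 | sed 's|.*/vmlinuz-||'
}

# Succeed when running kernel $1 is not the newest image in $2,
# meaning the update is installed but the reboot has not happened.
reboot_pending() {
    newest=$(newest_kernel "$2")
    [ -n "$newest" ] && [ "$1" != "$newest" ]
}

# Report on the live host.
report() {
    running=$(uname -r)
    echo "cxgb3 driver: $(cxgb3_status /proc/modules "/lib/modules/$running/modules.dep")"
    if reboot_pending "$running" /boot; then
        echo "running $running, newest installed $(newest_kernel /boot): reboot pending"
    else
        echo "running $running: no newer kernel image found in /boot"
    fi
}

report
```

A status of "available" means the driver is on disk but not in use; the kernel update and reboot are still required to remove the flawed code.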
More information
USN-2946-1: Linux kernel vulnerabilities
CVE-2015-8812
Request Assistance
If needed, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", GNU C Library and Poodle SSLV3 Vulnerability - $10.
Or please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.
For example:
Hostname: test-dd
IP Address: 103.25.202.81
OS Template: CentOS 6.5 (64-bit) 20140123a
Thank you.
SimplerCloud Support Team