Protecting Azure Systems: Patching Linux Kernel Vulnerabilities
Several vulnerabilities have been identified in the Linux kernel that could allow attackers to compromise systems, escalate privileges, or crash the machine. Canonical has released security updates for these flaws in the Azure kernel shipped for several Ubuntu releases.
This article will explore some Linux kernel Azure vulnerabilities that have been fixed and discuss how live patching can protect your systems while minimizing downtime.
Recent Linux Kernel Vulnerabilities Fixed
CVE-2024-27397 (CVSS v3 Score: 7.0 High)
A use-after-free vulnerability exists in the netfilter (nf_tables) subsystem of the Linux kernel. A race condition in the handling of set element timeouts lets an element expire and be freed while a control-plane transaction that still references it is in progress. A local user who can trigger the timeout could crash the system or possibly escalate privileges.
CVE-2024-45001 (CVSS v3 Score: 5.5 Medium)
Found within the MANA (Microsoft Azure Network Adapter) driver, this flaw arises because the RX buffer's alloc_size is passed into napi_build_skb() without being rounded up to a properly aligned size. napi_build_skb() places struct skb_shared_info at the end of the buffer, so the alignment of that structure follows alloc_size; with certain MTU settings (for example 4000) the resulting address is unaligned.
On ARM64 CPUs, atomic instructions on an unaligned address raise an alignment fault, so an atomic operation on skb_shinfo(skb)->dataref can panic the kernel during normal packet reception, disrupting Azure-based services. No attacker interaction is required; a vulnerable kernel with such an MTU configured crashes on its own.
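To make the alignment dependency concrete, the following is an added model of the issue, written for this article; it is not code from the MANA driver or the Linux kernel. It reconstructs how the buffer size chosen for a given MTU decides where skb_shared_info lands, and shows why the default MTU is fine while 4000 is not. Every constant (page size, cache line size, the size of skb_shared_info, the offset of dataref) is an assumption for the model, and the page-size floor and XDP headroom rule are the author's reading of the driver's logic, not quoted from it.

```c
/*
 * Added model of the CVE-2024-45001 alignment issue; not MANA driver or
 * Linux kernel code. All constants are assumptions for the model; the real
 * values depend on kernel version and configuration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE            4096u
#define SMP_CACHE_BYTES        64u   /* assumed cache line size */
#define ETH_HLEN               14u
#define XDP_PACKET_HEADROOM   256u
#define SHINFO_SIZE           320u   /* assumed sizeof(struct skb_shared_info) */
#define DATAREF_OFFSET         32u   /* assumed offset of the atomic dataref field */

#define ALIGN(x, a)        (((x) + (a) - 1u) & ~((a) - 1u))
#define SKB_DATA_ALIGN(x)  ALIGN((x), SMP_CACHE_BYTES)   /* same shape as the kernel macro */

/* Padding the model adds to the MTU: room for skb_shared_info plus the Ethernet header. */
#define RXBUF_PAD   (SKB_DATA_ALIGN(SHINFO_SIZE) + ETH_HLEN)
/* Largest MTU for which XDP headroom is reserved (assumption). */
#define XDP_MTU_MAX (PAGE_SIZE - RXBUF_PAD - XDP_PACKET_HEADROOM)

/* Buffer size as the model's vulnerable path computes it: no final alignment. */
unsigned rxbuf_alloc_size_unaligned(unsigned mtu)
{
    unsigned headroom = (mtu > XDP_MTU_MAX) ? 0u : XDP_PACKET_HEADROOM;
    unsigned size = mtu + RXBUF_PAD + headroom;
    /* Small MTUs get a whole page, which happens to be aligned anyway. */
    return size < PAGE_SIZE ? PAGE_SIZE : size;
}

/* Fixed path: round the total up to a cache-line multiple before use. */
unsigned rxbuf_alloc_size_fixed(unsigned mtu)
{
    return SKB_DATA_ALIGN(rxbuf_alloc_size_unaligned(mtu));
}

/* Where skb_shared_info starts inside a buffer of frag_size bytes, following
 * the layout napi_build_skb() uses: at the end, behind the packet data. */
unsigned shinfo_offset(unsigned frag_size)
{
    return frag_size - SKB_DATA_ALIGN(SHINFO_SIZE);
}

/* 1 if dataref would be naturally aligned for a 4-byte atomic, assuming the
 * buffer itself starts on a page boundary. */
int dataref_is_aligned(unsigned frag_size)
{
    unsigned addr = shinfo_offset(frag_size) + DATAREF_OFFSET;
    return addr % sizeof(uint32_t) == 0;
}

int main(void)
{
    unsigned mtus[] = { 1500u, 4000u };
    for (size_t i = 0; i < sizeof mtus / sizeof mtus[0]; i++) {
        unsigned bad = rxbuf_alloc_size_unaligned(mtus[i]);
        unsigned good = rxbuf_alloc_size_fixed(mtus[i]);
        printf("MTU %u: unaligned size %u -> dataref %s; fixed size %u -> dataref %s\n",
               mtus[i], bad, dataref_is_aligned(bad) ? "aligned" : "MISALIGNED",
               good, dataref_is_aligned(good) ? "aligned" : "MISALIGNED");
    }
    return 0;
}
```

In this model an MTU of 1500 ends up with a full 4096-byte page (aligned by accident), while 4000 produces a 4334-byte buffer that places dataref two bytes past a 4-byte boundary; rounding the size up to 4352 restores alignment. The takeaway for reviewers is that a buffer size derived from a tunable must be aligned explicitly, not assumed aligned because the common configuration happens to be.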
CVE-2024-26812 (CVSS v3 Score: 4.1 Medium)
A race condition in interrupt (INTx) handling has been identified in the VFIO PCI driver, the kernel's PCI device passthrough driver. An attacker able to trigger this flaw could cause a system crash (denial of service).
CVE-2024-26602 (CVSS v3 Score: 5.5 Medium)
The sys_membarrier() system call in the kernel's scheduler could be abused by a local user calling it in a tight loop. Each call forces cross-CPU synchronization, so a high call rate saturates the machine and can render the system unusable (denial of service).
For complete details on Linux kernel Azure vulnerabilities, you can refer to Ubuntu Security Notices.
Staying Protected with Live Kernel Patching
For organizations running Ubuntu on Azure, applying the patches is crucial to maintaining system security and reliability. The Ubuntu security team has provided updated Azure kernel packages for multiple releases, including Ubuntu 24.04, Ubuntu 22.04, Ubuntu 20.04, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
A conventional kernel package update only takes effect after a reboot, which means downtime and service interruptions. Live patching instead applies critical kernel fixes to the running kernel without a reboot. Note that a live patch protects the kernel currently in memory; the updated kernel package should still be installed so that the next boot, whenever it happens, runs a fixed kernel.
TuxCare’s KernelCare Enterprise provides automated live patching for Linux distributions without reboots, ensuring that Linux-based systems remain protected and compliant. KernelCare supports a wide range of Linux distributions, including Ubuntu, Debian, RHEL, CentOS, AlmaLinux, Rocky Linux, Oracle Linux, Amazon Linux, and more.
Conclusion
Addressing Linux kernel vulnerabilities is essential for protecting your Azure infrastructure and mitigating potential risks. By using KernelCare, organizations can apply security updates immediately without rebooting, minimizing downtime and ensuring their Azure environment remains secure, reliable, and compliant.
Source: USN-7073-2