Monthly KernelCare Update – February 2021

This February we did a diligent work to keep your Linux kernels and shared libraries updated. For instance, you’ll find detailed updates regarding the latest CVEs, recent KernelCare projects, and technical instructions in the following sections. Or, watch a quick recap of the news in video format.

{% video_player “embed_player” overrideable=False, type=’scriptV4′, hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False, hidden_controls=False, loop=False, muted=False, full_width=True, width=’1920′, height=’1080′, player_id=’42443781126′, style=” %}

New CVEs Patched by KernelCare

Vulnerabilities that affected Linux kernels were in bloom this month. However, not every vulnerability has a big name and gets the media spotlight – dozens fly under the radar. Below you’ll see the CVEs patched by KernelCare in February: the famous ones and the ones you were not aware of.

• CVE-2021-3347

This vulnerability involves futexes and a kernel stack use-after-free issue during fault handling. A cybercriminal could crash the kernel and lead to a denial of service or upgrade user privileges. This vulnerability affects all Linux kernels from 2008 until version 5.10.11, which pretty much means anything currently running.

• CVE-2021-26708

Made public on 4 February 2021, CVE-2021-268 makes possible a local privilege escalation in all Linux kernels prior to 5.10.13. This vulnerability allows for multiple race conditions in the AF_VSOCK implementation caused by wrong locking net/vmw_vsock/af_vsock.c and bypassing SMEP and SMAP.  The key threats are data confidentiality and integrity and system availability.

Live patching by KernelCare+ will keep your system protected from every vulnerability, even the ones you are not aware of. Install it ASAP in one command!

To make sure you understand the causes and potential risks of new vulnerabilities, the KernelCare team regularly produces detailed overviews. They feature the technical introductions of new CVEs, as well as tips to identify and mitigate them. Read the notes on the following vulnerabilities in our blogs.

• Yet Another Futex Vulnerability Found in the Kernel (CVE-2021-3347)
  As one of only a handful of enterprise operating systems, Linux certainly has issues with common vulnerabilities and exploits (CVEs). For cybersecurity experts, it must be exasperating when the same types of CVEs return year after year. For example, related CVEs continue to be discovered in vulnerable areas of the Linux OS kernel. In regard to Linux futex implementation, fourteen CVEs have been identified. This includes the most recent discovery through the end of 2020. It goes without saying that futexes are impressively complex. However, this complexity might be contributing to the cause. As the first month of 2021 ended, yet another futex involved Linux kernel vulnerability surfaced. Made public as CVE-2021-3347, this vulnerability is malicious because it is a use-after-free vulnerability. This blog article takes a deep dive into what a futex is and why use-after-free vulnerabilities are dangerous.
• Identify, mitigate & prevent buffer overflow attacks on your systems
  One of the most common ways cybercriminals break into computer systems is through buffer overflow vulnerabilities. These vulnerabilities have a long history that stretches back to the early seventies. This makes buffer overflow vulnerabilities among the oldest known attack points for hackers. To date, more than 18,000 have been discovered. System administrators need to be fully aware of these threats and mitigate their influences on critical computer systems. This blog entry takes a detailed look at buffer overflow vulnerabilities and provides foundational advice about identifying and stopping them.
• Understanding the new AF_VSOCK Linux kernel vulnerability
  System administrators and other IT professionals are not usually surprised when a new Linux kernel vulnerability is discovered. After all, it happens enough that professionals expect new vulnerabilities as par for the course. Nevertheless, when security researchers and experts make concerted efforts to look for Linux kernel vulnerabilities, they quickly find them. Sometimes they are in plain sight and ready for a cybercriminal to see them first. This February, security researchers found a new Linux kernel vulnerability in a little-known part of the kernel. This part enables communications between a guest and a virtual machine host. This latest vulnerability received prompt attention and was given the name CVE-2021-26708. Our blog explains essential details about this severe vulnerability and lists its associated risks to systems.

We are pleased to announce free Raspberry Pi patching for your home and non-commercial projects based on Raspberry Pi devices.

Provided that the project is personal and for non-commercial use, KernelCare’s Raspberry Pi patching updates the Linux kernel at no cost without disruption or downtime.

Subscribing to KernelCare for IoT gives those with commercial IoT projects real-time updates without rebooting the system.

Get a FREE 7-Day Supported Trial of KernelCare 

More articles on our Blog

• How to migrate your KernelCare license to a new server
• Why immature SecOps will cost your company dearly – and how to fix it

In a recent publication Igor Seletsky, CEO of KernelCare, explains the role of containers for Linux kernels and shares tips for deploying, scaling and managing containers in an enterprise. Containers are isolated, but not secured, and may increase the likelihood of an attack. Check out Igor’s security strategy to prevent such an event.

Do not forget to check out previous KernelCare updates:

Monthly KernelCare Update – May 2020

Monthly KernelCare Update – June 2020

Monthly KernelCare Update – July 2020

Monthly KernelCare Update – August 2020

Monthly KernelCare Update – September 2020

Monthly KernelCare Update – October 2020

Monthly KernelCare Update – November 2020

Monthly KernelCare Update – December 2020

Monthly KernelCare Update – January 2021