March 4, 2021 - TuxCare expert team
This February we worked diligently to keep your Linux kernels and shared libraries updated. In the following sections you’ll find detailed updates regarding the latest CVEs, recent KernelCare projects, and technical instructions. Or, watch a quick recap of the news in video format.
Vulnerabilities that affected Linux kernels were in bloom this month. However, not every vulnerability has a big name and gets the media spotlight – dozens fly under the radar. Below you’ll see the CVEs patched by KernelCare in February: the famous ones and the ones you were not aware of.
This vulnerability involves futexes and a kernel stack use-after-free issue during fault handling. An attacker could crash the kernel, causing a denial of service, or escalate user privileges. This vulnerability affects all Linux kernels from 2008 until version 5.10.11, which pretty much means anything currently running.
Made public on 4 February 2021, CVE-2021-268 allows local privilege escalation in all Linux kernels prior to 5.10.13. The vulnerability consists of multiple race conditions in the AF_VSOCK implementation, caused by wrong locking in net/vmw_vsock/af_vsock.c, and its exploitation bypasses SMEP and SMAP. The key threats are to data confidentiality and integrity and to system availability.
Live patching by KernelCare+ will keep your system protected from every vulnerability, even the ones you are not aware of. Install it ASAP in one command!
To make sure you understand the causes and potential risks of new vulnerabilities, the KernelCare team regularly produces detailed overviews. They feature technical introductions to new CVEs, as well as tips to identify and mitigate them. Read the notes on the following vulnerabilities in our blogs.
We are pleased to announce free Raspberry Pi patching for your home and non-commercial projects based on Raspberry Pi devices.
Provided that the project is personal and for non-commercial use, KernelCare’s Raspberry Pi patching updates the Linux kernel at no cost without disruption or downtime.
Subscribing to KernelCare for IoT gives those with commercial IoT projects real-time updates without rebooting the system.
In a recent publication Igor Seletsky, CEO of KernelCare, explains the role of containers for Linux kernels and shares tips for deploying, scaling and managing containers in an enterprise. Containers are isolated, but not secured, and may increase the likelihood of an attack. Check out Igor’s security strategy to prevent such an event.
Do not forget to check out previous KernelCare updates:
Monthly KernelCare Update – May 2020
Monthly KernelCare Update – June 2020
Monthly KernelCare Update – July 2020
Monthly KernelCare Update – August 2020
Monthly KernelCare Update – September 2020
Monthly KernelCare Update – October 2020
Monthly KernelCare Update – November 2020
Monthly KernelCare Update – December 2020
Monthly KernelCare Update – January 2021