ptrace virtualization code to the debug registers has an incorrect error handling which was discovered by Andy Lutomirski and disclosed today (CVE–2018–1000199). This vulnerability can lead to corruption and DoS. In practice, if an illegal value is written, such as DR0, the internal state of the kernel’s breakpoint tracking can become corrupt even though the
ptrace() call will return -EINVAL.
This error reported has illustrated exploits for x86 kernels, but other kernels can be affected as well. According to Andy:
“The bug itself is spread all over the place in the kernel in generic and arch code.”
Major Linux distributions will be releasing kernel updates with a fix, which requires a reboot. However, if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, without any downtime.
When you install KernelCare, whether a paid or a trial version, it will bring your kernels up-to-date with all patches instantly. It installs with a single line of code in just minutes, without a reboot, and it will ensure you never miss another kernel security patch as they will be automatically installed to your live kernel going forward. If you’d like to update your kernels as soon as the fix is released, you can get KernelCare for free for 30 days here. To learn more about KernelCare, visit this page.
Status of patch releases for KernelCare:
- CloudLinux OS 7 – released
- CentOS 7 Plus – released
- CentOS 7 – released
- CentOS 6 Alt – released
- CentOS 7 Alt – released
- Ubuntu 16.04 – released
- Ubuntu 14.04 – released
- RHEL 7 – released
- Debian 7 – released
- Debian 8 – released
- Debian 9 – released
- Proxmox 3.10 – released
- Proxmox 4.2 – released
- Proxmox 5 – released