Patches for CVE-2021-3347 are being delivered - TuxCare

Patches for CVE-2021-3347 are being delivered

February 2, 2021 - TuxCare expert team


A new Linux kernel vulnerability was announced very recently. It has been assigned CVE-2021-3347 and is (yet another) futex-related vulnerability.

The relevant aspect of this vulnerability is that it affects any kernel from 2008 onwards, up until version 5.10.11. That is basically anything running today: every kernel version on every distribution. Details of the exploit and PoC code are not yet publicly available, but that does not guarantee they don't exist in the wild.
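Because the affected range is stated as a plain version bound (everything before 5.10.11), the first triage step on a fleet is a kernel version check. The script below is an added example, not code from the TuxCare post: it parses a `uname -r` style release string, compares it against 5.10.11 and prints a verdict. Two caveats are built into its wording: distribution kernels that backport the fix keep their old version number, and a live-patched kernel (KernelCare) keeps its original `uname -r`, so "vulnerable-version" means only that the stock version is in range, not that the box is unpatched.

```shell
#!/bin/sh
# Added example (not from the TuxCare post). Classifies a kernel release string
# against the CVE-2021-3347 fixed version given in the post (5.10.11).

# version_lt A B : returns 0 when dotted version A is strictly lower than B.
# Only the leading numeric triple is compared; suffixes such as "-generic",
# "-240.10.1.el8_3.x86_64" or "-rc6" are ignored.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    # Pad with ".0.0" so "5.4" and "5" still yield three fields for cut.
    a="${a}.0.0"
    b="${b}.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # equal versions are not "less than"
}

# kernel_in_cve_2021_3347_range RELEASE : prints "vulnerable-version" when the
# stock version is below 5.10.11, otherwise "fixed-version".
# Caveat: backported distro fixes and live patches do not change this number.
kernel_in_cve_2021_3347_range() {
    if version_lt "$1" "5.10.11"; then
        echo "vulnerable-version"
    else
        echo "fixed-version"
    fi
}

# Run against the live system:
#   kernel_in_cve_2021_3347_range "$(uname -r)"
```

Treat the output as a worklist, not a verdict: hosts reported as "vulnerable-version" still need their distribution's advisory or their live-patching tool's status consulted before being counted as exposed.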

/*  “The futexes are also cursed.”
 *  “But they come in a choice of three flavours!”
 */

(from the futex.c comments)

Futex-related exploits are nothing new, and they have been a source of grief for sysadmins everywhere over the years. The futex code was originally created to facilitate mutex usage across the kernel and userspace, but the logic quickly gained complexity, and many edge cases have since been found to cause security issues.

A working exploit can lead to memory corruption through a use-after-free, which in turn can lead to privilege escalation, information exfiltration and the usual set of nasty events you don't want your servers subjected to. Adding insult to injury, it has been classified as easy to exploit, and possible to exploit remotely.

If you're running KernelCare, we have already started rolling out patches for Ubuntu Focal Fossa, Oracle EL 8 and Red Hat EL 8, so your systems should be receiving them soon. Other supported systems will follow shortly. We will also publish more detailed information about this vulnerability in an upcoming blog post, but given the wide range of affected distributions and the high potential for risk, we are providing this quick brief to raise awareness of the dangers, pending further details.
