An updated Ubuntu 16.04 ELS kernel with the fix for CVE-2021-33909 is now available for download from our production repository.
A new updated CentOS 6 kernel v.2.6.32-754.35.7 with the fix for CVE-2021-33909 within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
A new updated CentOS 6 kernel v.2.6.32-754.35.7 with the fix for CVE-2021-33909 within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.
CVE-2021-33909 was disclosed on the 20th of July. It describes a vulnerability in the Linux filesystem layer that can lead to local privilege elevation when successfully exploited. The vulnerable code was apparently introduced in a commit dating from July 2014 (Linux 3.16). Every distribution running this or any subsequent version is vulnerable to this problem, and Proof-of-Concept code has already been created for several common distributions.
TuxCare’s KernelCare is finalising patches for all supported and affected distributions, and subscribers will start to receive these very soon.
[UPDATE] Patches are now being delivered for the following Linux distributions:
- CloudLinux 6h and 7
- OEL 6, 7 and 8
- RHEL 6, 7 and 8
- CentOS 6, 6-plus, 7 and 8
- AlmaLinux 8
- Ubuntu Bionic, Focal and Xenial
- SL 6
[UPDATE #2] The following distributions also have patches being delivered now:
- CloudLinux 8
- Debian 8, 9
- OEL6-uek4, OEL7-uek4, OEL7-uek5, OEL7-uek6, OEL8-uek6
[UPDATE #3] Patches are now also being delivered for the following distributions:
- Debian 10, Debian 10-cloud