Virtuozzo’s engineering team has uncovered a kernel vulnerability, a discovery that helps to prevent future memory corruption in several standard Linux distributions. Virtuozzo Linux kernel engineer Vasily Averin discovered the important but difficult-to-detect kernel vulnerability and quickly reported it. It was fixed in Virtuozzo Hybrid Server Update 14 and live-patched in ReadyKernel 108, and he worked with the team at KernelCare, who live-patched the fix in other Linux distributions.
A month ago, Virtuozzo discovered a new security vulnerability in the kernel, CVE-2020-14305. It corrupts memory in kernels from v3.5 to v4.10 and affects various Linux distributions. The vulnerability was discovered during the investigation of a bug reported to the Virtuozzo team by FastVPS. The user had experienced corruption of an element in the kmalloc-192 slab. The vulnerability is now fixed in Virtuozzo Hybrid Server 7.0 Update 14 and ReadyKernel 108. KernelCare has created patches for the other affected Linux distributions.
To find out more about the vulnerability and to view the KernelCare release schedule, see the article published on KernelCare’s site here.