New kernels, fixed vulnerabilities

We’ve released five new kernels which contain the fix for the recently announced Linux kernel local privilege escalation vulnerability (CVE-2009-2692).  The following kernels are NOT vulnerable:

2.6.18.8-linode19 (Latest 2.6 Stable)
2.6.30.5-linode20
2.6.18.8-x86_64-linode7 (Latest 2.6 Stable – x86_64)
2.6.30.5-x86_64-linode8
2.6.23.17-linode44 (for UML)

Please check the output of “uname -r” from within your Linode.  If you’re not running one of the kernels above (or later) then your Linode may be vulnerable.  In that case, we strongly recommend you choose “Latest 2.6 Stable” (or the non-vulnerable kernel of your choice) in your Linode’s Configuration Profile and reboot the Linode to acquire the change.  Verify you picked up the new kernel by running “uname -r” again after rebooting.

Exploits exist, affecting all versions of the Linux kernel up to and including 2.6.30.4, that allow a normal local user to gain root privileges.  We had mixed results in our testing, but the exploit definitely worked without modification on a couple of our kernels.  We strongly recommend you make sure you’re running one of the kernels listed above (or later).  We also maintain this list of available kernels.
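The "uname -r" check above can be scripted. The following is an added example, not Linode's own tooling. It assumes "or later" means a higher -linodeN build of a listed version and architecture, or an upstream version above 2.6.30.4. The function names and output strings are illustrative.

```shell
#!/bin/sh
# Added example: classify a `uname -r` string against the fixed kernels in the post.
# Assumption: "or later" = a higher -linodeN build of a listed version/arch, or an
# upstream version above 2.6.30.4 (the last version the post names as affected).
FIXED_KERNELS="2.6.18.8-linode19 2.6.30.5-linode20 2.6.18.8-x86_64-linode7
2.6.30.5-x86_64-linode8 2.6.23.17-linode44"
LAST_AFFECTED="2.6.30.4"

# version_gt A B: succeeds if dotted numeric version A is strictly greater than B.
version_gt() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 1
}

# check_kernel RELEASE: prints not-vulnerable, may-be-vulnerable or unknown.
check_kernel() {
    rel=$1 series=${1%-linode*} build=${1##*-linode}
    # No "-linode" suffix, or a non-numeric build number: not a Linode-style name.
    [ "$series" = "$rel" ] && build=
    case $build in *[!0-9]*) build= ;; esac
    if [ -n "$build" ]; then
        for fixed in $FIXED_KERNELS; do
            if [ "${fixed%-linode*}" = "$series" ]; then
                if [ "$build" -ge "${fixed##*-linode}" ]; then echo not-vulnerable
                else echo may-be-vulnerable; fi
                return 0
            fi
        done
    fi
    # Not a listed series: fall back to the upstream version number. A vendor kernel
    # with a backported fix would still be reported as may-be-vulnerable here.
    ver=${rel%%-*}
    case $ver in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    if version_gt "$ver" "$LAST_AFFECTED"; then echo not-vulnerable
    else echo may-be-vulnerable; fi
}

check_kernel "$(uname -r)"
```

Run it inside the Linode before and after the reboot; the second run should print not-vulnerable.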

Comments (12)

  1.

    Thanks for the update. Was wondering when this was going to come out. I was scared for a few days.

  2. Christopher Aker

    The 2.6.18.8 series kernels we released last Friday night, but wanted to wait for 2.6.30.5 before making the announcement.

  3.

    Nice, thanks for the update.

  4.

    How do I upgrade to the latest kernel if I’m on an old version?

  5.

    To upgrade, simply reboot, then verify it again with: uname -r

  6.

    Thanks for informing us about that on your blog.
    I love your service. 🙂

    Have a good day.
    Davide.

  7.

    Mine says “2.6.18.8-linode16”.

    Would you say this requires update?

    Thanks!

  8. Christopher Aker

    Is 2.6.18.8-linode16 or later in the list above? No. So you’re vulnerable.

  9.

    Thank you for your continued updates. This is very much appreciated and certainly why Linode LLC is the right choice for our services. Keep up the fantastic support work.

  10.

    Thanks for the great work! Is this kernel’s source available? I see many kernel sources here: https://www.linode.com/src/ but not 2.6.23.17-linode44.

    I was hoping to get the right headers so I can compile kernel modules on my Linodes!

  11. Christopher Aker

    @Casey – that’s a UML kernel, which doesn’t support modules in our environment. If you need modules, submit a ticket and we’ll migrate your Linode to a Xen host.

  12.

    Thanks for the advice! I rarely need to build kernel modules, but it would be nice and I doubt I’d notice the UML/Xen switch otherwise.
