CVE-2016-8655 Linux Kernel Vulnerability

December 7, 2016

A Linux kernel vulnerability allowing privilege escalation has been found that affects most major Linux distributions, including Ubuntu. The fix for this vulnerability, identified by CVE-2016-8655, has been applied to all servers managed by ServerPilot.

The vulnerability involves a race condition in Linux kernel network code that can be exploited on systems with network namespaces enabled for unprivileged users. Network namespaces are a feature used by some Linux container systems, such as Docker and LXC.

What We Have Done

The vulnerability is in kernel code related to unprivileged namespaces, a kernel feature that ServerPilot does not use, so ServerPilot has disabled this feature on all servers.

What You Should Do

No action is required by you.

Optional: Reboot to Run Updated Kernel

A reboot is not required, because ServerPilot has disabled the affected kernel feature so that the vulnerability is not exploitable. Some users may still prefer to also run the updated kernel released by Ubuntu, which patches the vulnerable code.

ServerPilot has already installed the updated kernel on all servers. To use this updated kernel, SSH into your server as root and reboot your server with the following command:

sudo reboot

DigitalOcean users with Ubuntu 12.04 or 14.04 servers also need to switch the server to DigitalOcean's new kernel management in order to use the updated kernel. If your DigitalOcean server is running Ubuntu 16.04, you do not need to do this, as all Ubuntu 16.04 servers use DigitalOcean's new kernel management by default.
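To confirm the state described under "What We Have Done" and the optional reboot above, the following added example (not ServerPilot's tooling) reports whether unprivileged user namespaces, which an unprivileged user needs in order to create a network namespace, are disabled and whether a reboot is pending. It assumes the Debian/Ubuntu sysctl kernel.unprivileged_userns_clone, the upstream sysctl user.max_user_namespaces, and Ubuntu's /var/run/reboot-required flag file; the page does not state which setting ServerPilot changed.

```shell
#!/bin/sh
# Added example, not ServerPilot's tooling. Paths are parameters so the
# checks can be run against a constructed directory tree.

# Print a sysctl file's value, or nothing if the file is absent.
read_sysctl() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; fi
    return 0
}

# Print disabled | enabled | unknown for unprivileged user namespaces.
userns_status() {
    proc_sys="${1:-/proc/sys}"
    # Debian/Ubuntu kernel knob: 0 blocks unprivileged CLONE_NEWUSER.
    clone=$(read_sysctl "$proc_sys/kernel/unprivileged_userns_clone")
    # Upstream knob (Linux 4.9+): 0 blocks user namespace creation.
    max=$(read_sysctl "$proc_sys/user/max_user_namespaces")
    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        echo disabled
    elif [ -z "$clone" ] && [ -z "$max" ]; then
        echo unknown   # neither knob exists on this kernel
    else
        echo enabled
    fi
}

# Print yes | no: Ubuntu's flag file for "a reboot is pending".
reboot_pending() {
    if [ -e "${1:-/var/run/reboot-required}" ]; then echo yes; else echo no; fi
}

mitigation_report() {
    echo "running kernel:               $(uname -r)"
    echo "unprivileged user namespaces: $(userns_status "$1")"
    echo "reboot pending:               $(reboot_pending "$2")"
}

mitigation_report "$@"
```

A result of "unknown" means neither sysctl exists on the running kernel, so the setting cannot be read this way.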

Don't hesitate to contact us if you have any questions.