Impacts of CVE-2019-11815 on linode kernels
CVE-2019-11815 reveals RCE vulnerability in kernels prior to 5.0.8. I wonder which linode provided kernels are not affected and when the latest x86-64 kernel will move to the unaffected one.
Thanks
1 Reply
I checked with our team and learned that CVE-2019-11815 was patched upstream in the Linux kernel starting with 5.0.8, which we released on April 17, 2019. Here is the official Linux commit to patch this vulnerability. This kernel update was documented on our publically available list of kernels, including previous versions and their release date, on our website.
I know this is a much later than your original post but I wanted to follow up with you to give you some context on how we handle updating kernels.
Our kernels receive upstream updates, which we then roll into ours. Often, this process can be done within hours of an upstream change. To determine if a Linode kernel is marked as Latest, we take a couple of things into account. It may be allowed to bake for some time to allow for any bugs to be identified, but patching vulnerabilities may move up that timeline, depending on the vulnerability.
If you would like to review the kernel that your Linode is using, you can find that information in the "Disk/Configs" section of the Linode Dashboard. Clicking the three ellipses (…), you'll want to click the "Edit" option and look for Boot Settings. Some guides that may be helpful here are: