Dear UCloud users:
The Linux kernel is proof of the presence of conditions of competition of high-risk vulnerabilities, exploit the vulnerability from low rights processes executing kernel code, harm the serious. Please check you are using the kernel is in the affected range, and timely upgrades.
Scope of impact
centos 5 and 6 are not affected
centos 7 default is not affected by the impact of open namespaces after the affected)
ubuntu 12.04 14.04 affected
Debian 7, and 8 affected
Solution
Please make a backup of the work, in order to avoid a kernel repair after an accident situation
Vulnerability details
CVE-2016-8655: Linux (net/packet/af_packet. c)the presence of conditions of competition vulnerability that can allow low-privileged process to obtain the kernel code to execute permission. Vulnerability as early as 2011(v3. 2-rc1)version are found in 2016 11 on v4. 9-rc8 version is fixed.
POC: the https://www.exploit-db.com/exploits/40871/