New CloudLinux 5 Kernel Released to Patch Important Use-After-Free Vulnerability

The vulnerability, CVE-2016-7117, was discovered and patched upstream, for all supported Red Hat Enterprise Linux releases, and it appears to be a use-after-free security flaw in the socket recvmmsg subsystem of the Linux kernel, which could allow a remote attacker to execute malicious code or corrupt memory on the affected host. The vulnerability is known to affect the realtime-kernel of Red Hat Enterprise MRG 2, as well as the kernel and kernel-rt packages of both Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 5 operating systems. However, it’s now patched, and it’s also available for CloudLinux 5 users.