EDR: 6.1.11-LNX sensor causes kernel panic on RHEL 7.7 server

Article ID: 289055

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

6.1.11-LNX sensor causes a kernel panic of the RHEL 7.7 server.

Environment

  • EDR Server: All Supported Versions
  • EDR Linux Sensor: 6.1.11
  • RHEL 7.7

Cause

The sensor walks a list of (more than one) user control message structures in the _socket_recvmsg() sensor hook and inadvertently tries to dereference a user address to get the address of the next structure. The kernel then panics because it cannot handle the page fault on a user address.
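
The safe way to walk such a list, shown as an added userspace illustration (not the sensor's code and not from the vendor): each header is copied in through a bounds-checked stand-in for copy_from_user(), and the next header is found by offset arithmetic on that private copy. The names `user_region`, `copy_in`, `count_cmsgs` and `walk_sample` are hypothetical, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Simulated user buffer; in a real hook this would be the __user msg_control area. */
struct user_region { const unsigned char *base; size_t len; };

/* Stand-in for copy_from_user(): fails cleanly instead of faulting on a bad range. */
static int copy_in(void *dst, const struct user_region *u, size_t off, size_t n)
{
    if (off > u->len || n > u->len - off) return -1;
    memcpy(dst, u->base + off, n);
    return 0;
}

#define ALIGN_UP(n) (((n) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))

/* Returns the number of control messages, or -1 if the list is malformed. */
int count_cmsgs(const struct user_region *u)
{
    size_t off = 0;
    int n = 0;
    while (u->len - off >= sizeof(struct cmsghdr)) {
        struct cmsghdr h;  /* private copy; lengths are read from it, never from user memory */
        if (copy_in(&h, u, off, sizeof h)) return -1;
        if (h.cmsg_len < sizeof h || h.cmsg_len > u->len - off) return -1;
        n++;
        if (ALIGN_UP(h.cmsg_len) > u->len - off) break;  /* last message, no padding */
        off += ALIGN_UP(h.cmsg_len);  /* next header by offset, not by following a pointer */
    }
    return n;
}

/* Constructed sample: two messages; second_len overrides the second cmsg_len. */
int walk_sample(size_t second_len)
{
    unsigned char buf[2 * CMSG_SPACE(sizeof(int))] = {0};
    struct cmsghdr h = { .cmsg_len = CMSG_LEN(sizeof(int)),
                         .cmsg_level = SOL_SOCKET, .cmsg_type = SCM_RIGHTS };
    memcpy(buf, &h, sizeof h);
    h.cmsg_len = second_len;
    memcpy(buf + CMSG_SPACE(sizeof(int)), &h, sizeof h);
    struct user_region u = { buf, sizeof buf };
    return count_cmsgs(&u);
}

int main(void)
{
    printf("valid: %d  oversized: %d\n", walk_sample(CMSG_LEN(sizeof(int))), walk_sample(4096));
}
```

In kernel code the equivalent of `copy_in` returns an error for an unmapped or invalid user range, so a bad list ends the walk with an error code rather than a page fault in kernel context.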

Resolution

The issue has been fixed in the 6.3.2-LNX sensor version, so upgrade any affected sensors.