Issue
After updating to the GhostLock (CVE-2026-43499) patched kernel and rebooting, websites stopped loading and return errors such as "Resource Limit Is Reached" or HTTP 508 (Loop Detected). LVE does not appear to be working, even though the kernel update completed successfully.
Environment
- Component: LVE / CageFS (kmod-lve)
- Operating system: CloudLinux OS 7h, 8, 9, 10
- Version / package:
kmod-lve; GhostLock-patched kernel (CVE-2026-43499)
Solution
The steps are the same on all CloudLinux versions.
-
Confirm the LVE module is not loaded for the running kernel:
uname -r lsmod | grep kmodlve modprobe kmodlve
If
lsmodshows nothing,modprobereports "Module kmodlve not found", andfindshows nokmodlve.kounder the running kernel, continue. -
Update
kmod-lveto a build matching the running kernel, then confirm the module now exists:yum update kmod-lve --enablerepo=cloudlinux-rollout-6-bypass
The rollout repository is only needed while the matching build has not yet reached stable. Once it is in stable, drop the
--enablerepoflag. -
Load the module and refresh CageFS:
modprobe kmodlve lsmod | grep kmodlve lvectl apply all cagefsctl --force-update && cagefsctl -M
- Verify the fix:
-
lsmod | grep kmodlveshows the module loaded. -
lvectl listshows the expected non-zero limits. - The affected websites load normally again.
-
Cause
The LVE kernel module ships in the kmod-lve package as a build tied to specific kernel versions. When the kernel is updated to a build newer than the installed kmod-lve supports, there is no matching kmodlve.ko for the running kernel, so the module cannot load. Without LVE loaded, LVE and CageFS cannot enforce or account for resources, which breaks site delivery. The GhostLock advisory covers only the kernel update and does not mention kmod-lve, so this can appear on any server whose installed kmod-lve predates the newly installed patched kernel.
Comments
0 comments
Please sign in to leave a comment.