[Important] [Security] Virtuozzo ReadyKernel Patch 161.0 for Virtuozzo Server 7.5

Issue date: 2023-09-20

Applies to: Virtuozzo Server 7.5

Virtuozzo Advisory ID: VZA-2023-027

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Server 7.5.

2. Security Fixes

  • [Important] [3.10.0-1160.53.1.vz7.185.3 to 3.10.0-1160.90.1.vz7.200.7] A race condition in ‘venetdev’ leads to corrupted data in ‘/proc/net/dev’. (PSBM-150027)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference after mounting a special UDF filesystem image. (CVE-2022-0617)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] RDMA connection is not stable enough because of a low default retry counter. (RK-352)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A reference counter leak in an error path for a network packet scheduler. (CVE-2023-3609)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free in a network packet scheduler. (CVE-2023-3776)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference in IPsec configuration. (CVE-2023-3772)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] An invalid memory write in a network packet scheduler. (CVE-2023-3611)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] An out-of-bounds memory write in a network packet scheduler. (CVE-2023-35788)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free in a Linux console driver. (CVE-2023-3567)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Out-of-bounds memory access when reading relayfs. (CVE-2023-3268)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference caused by a race while updating nftables. (CVE-2023-1095)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference in traffic control when assigning classes to noqueue disciplines. (CVE-2022-47929)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free while changing a network packet scheduler. (CVE-2023-0590)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Invalid memory access on mounting an invalid GFS2 image. (CVE-2023-3212)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A memory leak in the SCTP socket error path. (CVE-2023-1074)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Missed CR0 and CR4 register checks in the KVM subsystem. (CVE-2023-30456)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free in ‘ext4 setfattr’. (CVE-2023-2513)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Out-of-bounds memory access in a QFQ network packet scheduler. (CVE-2023-31436)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free in an iSCSI driver. (CVE-2023-2162)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A kernel crash on mounting an invalid XFS image. (CVE-2023-2124)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A kernel data leak via a Spectre-like ‘gadget’. (CVE-2023-0458)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free in a packet family socket in ‘prb_retire_rx_blk_timer_expired()’. (RK-337)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A memory leak in the net queue scheduler cls_u32 error handler. (CVE-2022-29581)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free when routing an IGMP multicast message. (CVE-2022-20141)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A double-free in a net vhost driver error path. (CVE-2023-1838)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference in a net SLIP driver. (CVE-2022-41858)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Handle the case where a directory is looked up but a file exists. (CVE-2022-24448)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] ‘xprtrdma’ incorrect header size calculations. (CVE-2022-0812)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] NFSv4.1: a double ‘svc_xprt_put’ if ‘rpc_create’ fails. (CVE-2022-4379)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A use-after-free in an NFP device driver. (CVE-2022-3545)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A netfilter fix in the IRC helper. (CVE-2022-2663)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Data races around the ‘icsk->icsk_af_ops’ pointer. (CVE-2022-3566)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] A memory leak in ‘ipv6_renew_options’. (CVE-2022-3524)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] An integer underflow in ‘openvswitch’ leads to an out-of-bounds write. (CVE-2022-2639)
  • [Important] [3.10.0-1160.90.1.vz7.200.7] Quota: check the block number when reading the block in a quota file. (CVE-2021-45868)

3. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

4. References

The new and updated packages are listed in the JSON file.