[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Server 7.5

Issue date: 2023-07-06

Applies to: Virtuozzo Server 7.5

Virtuozzo Advisory ID: VZA-2023-018

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Server 7.5.

2. Security Fixes

  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A partial fix to prevent a memory leak in some cases in the cgroup subsystem. (PSBM-147036)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the packet family socket in prb_retire_rx_blk_timer_expired(). (RK-337)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel data leak via a Spectre-like ‘gadget’. (CVE-2023-0458)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel crash when mounting an invalid XFS image. (CVE-2023-2124)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the iSCSI driver. (CVE-2023-2162)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] An out-of-bounds memory access in the QFQ network packet scheduler. (CVE-2023-31436)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in ext4 setfattr. (CVE-2023-2513)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Missing CR0 and CR4 register checks in the KVM subsystem. (CVE-2023-30456)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A memory leak in the SCTP socket error path. (CVE-2023-1074)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] An invalid memory access when mounting an invalid GFS2 image. (CVE-2023-3212)
  • [Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free while connecting Bluetooth. (CVE-2021-3640)

3. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running readykernel update.

4. References

The new and updated packages are listed in the JSON file.