Kernel security update: Virtuozzo ReadyKernel patch 113.10 for Virtuozzo Server 7.0

Issue date: 2020-08-06

Applies to: Virtuozzo Server 7.0

Virtuozzo Advisory ID: VZA-2020-056

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-1062.12.1.vz7.131.10 (Virtuozzo Server 7.0.13) and 3.10.0-1127.8.2.vz7.151.14 (Virtuozzo Server 7.0.14).

2. Security Fixes

  • [Moderate] [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] Possible use-after-free error due to a race condition in cdev_get(). It was discovered that a use-after-free condition was possible in cdev_get() if multiple processes simultaneously accessed a character device in a certain way. A local attacker could potentially exploit this to crash the kernel. (CVE-2020-0305)

3. Bug Fixes

  • [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] File system of a container becomes read-only, __ext4_handle_dirty_metadata() reports error 28. (PSBM-105850)
  • [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] memcg: the limit on page cache (memory.cache.limit_in_bytes) could be exceeded significantly in certain cases. (PSBM-106384)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References

The JSON file with the list of new and updated packages is available at JSON file.