Kernel security update: Virtuozzo ReadyKernel patch 109.0 for Virtuozzo Server 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0, and Virtuozzo Infrastructure 3.5

Issue date: 2020-06-23

Applies to: Virtuozzo Infrastructure 3.5, Virtuozzo Server 7.0, Virtuozzo Infrastructure Platform 2.5, Virtuozzo Infrastructure Platform 3.0

Virtuozzo Advisory ID: VZA-2020-046

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Server 7.0, Virtuozzo Infrastructure Platform, and Virtuozzo Infrastructure.

2. Security Fixes

[Moderate] [3.10.0-862.20.2.vz7.73.24 to 3.10.0-1127.8.2.vz7.151.14] Denial of service by corrupting mountpoint reference counter. It was discovered that a race condition was possible between pivot_root() and put_mountpoint() operations. A local unprivileged attacker could exploit this to corrupt mountpoint reference counter and cause a denial of service (kernel crash). (CVE-2020-12114)

3. Bug Fixes

[3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1062.12.1.vz7.131.10] ext4: potential kernel crash in ext4_cross_rename(): certain error cases were not checked properly. (PSBM-104563)
[3.10.0-1127.8.2.vz7.151.14] futex: potential system hang due to a missing unlock operation in the error path of futex_wait_requeue_pi(). (PSBM-104664)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References

The JSON file with the list of new and updated packages is available at JSON file.