Important kernel security update: Virtuozzo ReadyKernel patch 65.0 for Virtuozzo 7.0.7 HF3 to 7.0.8 HF1

Issue date: 2018-11-02

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2018-080

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-693.21.1.vz7.48.2 (7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (7.0.8), and 3.10.0-862.11.6.vz7.64.7 (7.0.8 HF1).

2. Security Fixes

  • [Important] Use-after-free in the shared memory implementation. A flaw was found in the implementation of shared memory in the Linux kernel. The shm_mmap() function did not always check whether the underlying file structures were valid, which could lead to a use-after-free. A local unprivileged user could exploit this to crash the kernel by executing a special sequence of system calls. (PSBM-89717)

3. Bug Fixes

  • Potential kernel crash in cbt_flush_cpu_cache(). (PSBM-89323)
  • Incorrect accounting of network namespaces in the error paths in copy_net_ns(). (PSBM-89520)
  • Errors in the implementation of online resize in ext4 caused failures of ploop resize operations. (PSBM-89583)
  • Ploop: integer overflow in the implementation of direct IO could lead to errors when resizing the ploop image. (PSBM-89725)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running 'readykernel update'.

5. References

The JSON file with the list of new and updated packages is available at JSON file.