Important kernel security update: CVE-2017-7645 and other; Virtuozzo ReadyKernel patch 21.0 for Virtuozzo 7.0.x

Issue date: 2017-05-23

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-038

1. Overview

The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3), and 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4).

2. Security Fixes

  • [Important] The NFS2/3 RPC client could send long arguments to nfsd server. These encoded arguments are stored in an array of memory pages, and accessed via various pointer variables. Arbitrarily long arguments could make these pointers point outside the array, thus causing out-of-bounds memory access. A remote user/program could use this flaw to crash the kernel resulting in DoS. (CVE-2017-7645)

  • [Important] The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly have unspecified other impact via crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895)

  • [Moderate] If sctp module is loaded on the host, a privileged user inside a container can cause a kernel crash by triggering a NULL pointer dererefence in sctp_endpoint_destroy() function with a specially crafted sequence of system calls. (PSBM-65826)

  • [Moderate] A privileged user inside a container can cause a kernel crash by triggering a BUG_ON in unregister_netdevice_many() function with a specially crafted sequence of system calls. (PSBM-65345)

3. Installing the Update

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.