Important kernel security update: CVE-2017-7645 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.0¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernel 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0).

2. Security Fixes¶

• [Important] The NFS2/3 RPC client could send long arguments to nfsd server. These encoded arguments are stored in an array of memory pages, and accessed via various pointer variables. Arbitrarily long arguments could make these pointers point outside the array, thus causing out-of-bounds memory access. A remote user/program could use this flaw to crash the kernel resulting in DoS. (CVE-2017-7645)

• [Important] The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly have unspecified other impact via crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895)

• [Moderate] The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9077)

• [Moderate] The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)

• [Moderate] The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9075)

• [Moderate] The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. (CVE-2017-9074)

• [Moderate] The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)

• [Moderate] A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646)

• [Moderate] If the sctp module was loaded on the host, a privileged user inside a container could cause a kernel crash by triggering a NULL pointer dererefence in the sctp_endpoint_destroy() function with a specially crafted sequence of system calls. (PSBM-65826)

• [Moderate] A privileged user inside a container could cause a kernel crash by triggering a BUG_ON in the unregister_netdevice_many() function with a specially crafted sequence of system calls. (PSBM-65345)

3. Installing the Update¶

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

4. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-22.0-1.vl7/

• https://access.redhat.com/security/cve/CVE-2017-9077

• https://access.redhat.com/security/cve/CVE-2017-9076

• https://access.redhat.com/security/cve/CVE-2017-9075

• https://access.redhat.com/security/cve/CVE-2017-9074

• https://access.redhat.com/security/cve/CVE-2017-8890

• https://access.redhat.com/security/cve/CVE-2016-8646

• https://access.redhat.com/security/cve/CVE-2017-7895

• https://access.redhat.com/security/cve/CVE-2017-7645

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-042.json.