Kernel security update: Virtuozzo ReadyKernel patch 24.0 for Virtuozzo 7.0.4 HF3

Issue date: 2017-06-29

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-058

1. Overview

This is the first Virtuozzo ReadyKernel patch for Virtuozzo kernel 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3). This patch introduces a security fix and stability bug fixes.

2. Security Fixes

  • [Moderate] A vulnerability was found in the implementation of vxlan interfaces in the Linux kernel. A privileged user inside a container was able to trigger a use-after-free in the vxlan_dellink() function through a special sequence of operations on vxlan interfaces, which could result in a system crash or could possibly have other unspecified impact. (PSBM-67263)

  • [Moderate] A vulnerability was found in the signal handling in the Linux kernel. A local unprivileged user could cause a kernel crash (general protection fault) in the cleanup_timers() function by using the rt_tgsigqueueinfo() system call with a specially crafted set of arguments. (PSBM-67221)

3. Bug Fixes

  • Kernel crash (NULL pointer dereference) in list_lru_destroy() under certain conditions. (PSBM-67300)

  • Kernel could enter an endless loop in try_charge() and deadlock when a memcgroup reached its memory limits. (PSBM-67076)

4. Installing the Update

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

5. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-058.json.