Kernel security update: CVE-2017-9242 and others; Virtuozzo ReadyKernel patch 30.3 for Virtuozzo 7.0.5

Issue date: 2017-09-06

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-079

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernel 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5).

2. Security Fixes

  • [Moderate] A kernel data leak due to an out-of-bounds read was found in the inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions of the Linux kernel, present from version 4.7-rc1 through version 4.13. The leak happens when these functions fill in the sockaddr data structures used to export a socket’s diagnostic information. As a result, up to 100 bytes of slab data could be leaked to userspace. (CVE-2017-7558)

  • [Moderate] The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. (CVE-2017-9242)

  • [Moderate] A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial-of-service. (CVE-2017-14106)
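
The over-read pattern described for CVE-2017-7558, as a userspace model added here (not Virtuozzo or kernel code). It assumes each exported address record is sizeof(struct sockaddr_storage) bytes while the address object being copied is only sockaddr_in6-sized, which yields the 100-byte figure in that item. The names slab_sim, fill_leaky, fill_fixed and leaked_bytes are hypothetical.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Assumption: one exported address record is sockaddr_storage-sized. */
#define RECORD_SIZE sizeof(struct sockaddr_storage)
#define ADDR_SIZE   sizeof(struct sockaddr_in6)

/* Constructed stand-in for a slab: the address object followed by
 * unrelated neighbouring data that must never reach userspace. */
struct slab_sim {
    struct sockaddr_in6 addr;
    unsigned char neighbour[RECORD_SIZE - ADDR_SIZE];
};

/* Flawed pattern: copies a full record starting at the smaller object. */
static void fill_leaky(unsigned char *out, const struct slab_sim *slab)
{
    memcpy(out, (const unsigned char *)slab, RECORD_SIZE);
}

/* Corrected pattern: copy only the object, zero the rest of the record. */
static void fill_fixed(unsigned char *out, const struct slab_sim *slab)
{
    memcpy(out, &slab->addr, ADDR_SIZE);
    memset(out + ADDR_SIZE, 0, RECORD_SIZE - ADDR_SIZE);
}

/* Returns how many bytes of neighbouring data end up in the record. */
static size_t leaked_bytes(int use_fixed)
{
    struct slab_sim slab;
    unsigned char out[RECORD_SIZE];
    size_t i, leaked = 0;

    memset(&slab, 0, sizeof(slab));
    slab.addr.sin6_family = AF_INET6;
    memset(slab.neighbour, 0xA5, sizeof(slab.neighbour)); /* marker bytes */

    if (use_fixed)
        fill_fixed(out, &slab);
    else
        fill_leaky(out, &slab);
    for (i = ADDR_SIZE; i < RECORD_SIZE; i++)
        leaked += (out[i] == 0xA5);
    return leaked;
}

int main(void)
{
    printf("leaky: %zu, fixed: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```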

3. Bug Fixes

  • It was discovered that the block layer of the kernel did not properly check for gaps in the IO requests being merged. In some cases, the resulting request could be incorrect, leading to kernel crashes. (PSBM-70321)

  • It was found that an infinite loop could occur in mem_cgroup_reparent_charges() under certain conditions. The problem could happen when cgroups were being destroyed and that function was called under cgroup_mutex. The mutex could remain locked forever as a result, blocking many other processes waiting on it, which would make the system nearly unusable. (PSBM-70556)

4. Installing the Update

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.