Kernel security update: Virtuozzo ReadyKernel patch 54.0 for Virtuozzo 7.0.7 HF2 and 7.0.7 HF3¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo 7.0 kernels 3.10.0-693.21.1.vz7.46.7 (7.0.7 HF2) and 3.10.0-693.21.1.vz7.48.2 (7.0.7 HF3).

2. Security Fixes¶

• [Moderate] By mmap()ing a FUSE-backed file onto a process’s memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). (CVE-2018-1120)

3. Bug Fixes¶

• Kernel crashes (NULL pointer dereference) if memory allocation fails in alloc_vfsmnt(). (PSBM-86420)

• Kernel crash in fuse_direct_IO_bvec(). (PSBM-86446)

4. Installing the Update¶

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-54.0-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-54.0-1.vl7/

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2018-046.json.