Important kernel security update: Virtuozzo ReadyKernel patch 62.2 for Virtuozzo 7.0.4 and 7.0.8 HF1

Issue date: 2018-09-28

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2018-072

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported Virtuozzo kernels.

2. Security Fixes

  • [Important] An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634)

  • [Low] The Linux kernel imposes a size limit on the memory needed to store the arguments and environment variables of a process, 1/4 of the maximum stack size (RLIMIT_STACK). However, the pointers to these data were not taken into account, which allowed attackers to bypass the limit and even exhaust the stack of the process. (CVE-2017-1000365)
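
The accounting gap described for CVE-2017-1000365, shown as an added example: a simplified user-space model, not kernel code and not part of the Virtuozzo patch. The struct, the function names, the 8-byte pointer size and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTR_SIZE 8u /* assumption: 64-bit pointers */

/* Hypothetical model of one exec request (not a kernel structure). */
struct exec_request {
    uint64_t argc;         /* number of argument strings */
    uint64_t envc;         /* number of environment strings */
    uint64_t string_bytes; /* bytes of all strings, NUL terminators included */
};

/* Limit stated in the advisory: 1/4 of RLIMIT_STACK. */
uint64_t arg_limit(uint64_t rlimit_stack) { return rlimit_stack / 4; }

/* Incomplete accounting: only the string bytes are compared to the limit. */
bool fits_strings_only(const struct exec_request *r, uint64_t rlimit_stack)
{
    return r->string_bytes <= arg_limit(rlimit_stack);
}

/* Complete accounting: argv/envp pointers count too, and every
 * intermediate sum is checked so it cannot wrap around. */
bool fits_with_pointers(const struct exec_request *r, uint64_t rlimit_stack)
{
    uint64_t limit = arg_limit(rlimit_stack);
    if (r->argc > UINT64_MAX - r->envc)
        return false;                       /* argc + envc would overflow */
    uint64_t count = r->argc + r->envc;
    if (count > limit / PTR_SIZE)
        return false;                       /* pointers alone exceed limit */
    return r->string_bytes <= limit - count * PTR_SIZE;
}

int main(void)
{
    const uint64_t stack = 8u << 20;        /* constructed: 8 MiB RLIMIT_STACK */
    /* Constructed samples: a typical request and one made of 1M two-byte strings. */
    struct exec_request typical = { 3, 20, 1024 };
    struct exec_request many    = { 1000000, 0, 2000000 };
    printf("typical: strings-only=%d with-pointers=%d\n",
           fits_strings_only(&typical, stack), fits_with_pointers(&typical, stack));
    printf("many:    strings-only=%d with-pointers=%d\n",
           fits_strings_only(&many, stack), fits_with_pointers(&many, stack));
    return 0;
}
```

The second sample passes the strings-only check although its pointers alone need about four times the limit, which is the case the advisory describes.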

3. Bug Fixes

  • It was found that the implementation of high-resolution timers (‘hrtimer’ subsystem) did not handle the situation when a timer was started simultaneously with its restart in another thread. As a result, a BUG_ON() could trigger in __run_hrtimer(), leading to a kernel crash. (PSBM-88818)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.