Important kernel security update: Virtuozzo ReadyKernel patch 65.0 for Virtuozzo 7.0.7 HF3 to 7.0.8 HF1
Issue date: 2018-11-02
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-080
1. Overview
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-693.21.1.vz7.48.2 (7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (7.0.8), and 3.10.0-862.11.6.vz7.64.7 (7.0.8 HF1).
2. Security Fixes
[Important] Use-after-free in the implementation of shared memory. A flaw was found in the implementation of shared memory in the Linux kernel. The shm_mmap() function did not always check whether the underlying file structures were valid, which could lead to a use-after-free. A local unprivileged user could exploit this to crash the kernel by executing a special sequence of system calls. (PSBM-89717)
3. Bug Fixes
Potential kernel crash in cbt_flush_cpu_cache(). (PSBM-89323)
Incorrect accounting of network namespaces in the error paths in copy_net_ns(). (PSBM-89520)
Errors in the implementation of online resize in ext4 caused failures of ploop resize operations. (PSBM-89583)
Ploop: integer overflow in the implementation of direct IO could lead to errors when resizing the ploop image. (PSBM-89725)
4. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-65.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-65.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-65.0-1.vl7/
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2018-080.json.