Kernel security update: Virtuozzo ReadyKernel patch 80.0 for Virtuozzo 7.0 Update 10 HF1

Issue date: 2019-05-30

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2019-044

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernel 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0 Update 10 HF1).

2. Security Fixes

  • [Moderate] It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service. (PSBM-94535)

3. Bug Fixes

  • It was discovered that inode tables created during online resize of an ext4 filesystem were not zeroed after that. This could potentially result in lower performance of the file system. (PSBM-93988)

  • It was found that if no PMU counters were exposed to guest, KVM skipped the whole remaining PMU-related initialization, including filling of LBR-related data. As it turned out, Windows Server 2016 Essentials tried to access these data during the installation and failed to install as a result. (PSBM-94429)

  • ploop: ‘pcompact’ could hang if run simultaneously with ‘ploop-balloon status’. (PSBM-94727)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-044.json.