Important kernel security update: Virtuozzo ReadyKernel patch 87.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0

Issue date: 2019-09-23

Applies to: Virtuozzo 7.0, Virtuozzo Infrastructure Platform 2.5, Virtuozzo Infrastructure Platform 3.0

Virtuozzo Advisory ID: VZA-2019-074

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported kernels of Virtuozzo 7.0 and Virtuozzo Infrastructure Platform.

2. Security Fixes

  • [Important] [3.10.0-693.17.1.vz7.43.10 to 3.10.0-957.12.2.vz7.96.21] vhost-net: guest to host kernel escape during migration. A buffer overflow vulnerability was found in the networking virtualization functionality (vhost-net) that could be abused during live migration of virtual machines. A privileged guest user may pass descriptors with invalid length to the host when live migration is underway to crash the host kernel or, potentially, escalate their privileges on the host. (CVE-2019-14835)

3. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
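
The script below is an added example, not part of the Virtuozzo advisory or tooling: it checks whether a kernel release string falls inside the range listed in section 2. The bounds are copied from the advisory. The sample releases used to exercise it are constructed, and the `/sys/module/vhost_net` test assumes the upstream Linux module name. A match says only that the base kernel is one this patch targets, not whether ReadyKernel has already patched it live.

```shell
#!/bin/sh
# Added example: is a kernel release inside the range listed in VZA-2019-074?
# Bounds are copied from the advisory; everything else here is illustrative.
LOW='3.10.0-693.17.1.vz7.43.10'
HIGH='3.10.0-957.12.2.vz7.96.21'

# ver_cmp A B: print -1, 0 or 1 after comparing the numeric fields of two
# release strings left to right (missing fields count as 0).
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# in_affected_range RELEASE: succeed only for a vz7 kernel between LOW and HIGH.
in_affected_range() {
    k=${1%.x86_64}          # assumption: tolerate an arch suffix if present
    case $k in
        3.10.0-*.vz7.*) ;;
        *) return 1 ;;      # not a Virtuozzo 7 kernel release string
    esac
    [ "$(ver_cmp "$k" "$LOW")" -ge 0 ] && [ "$(ver_cmp "$k" "$HIGH")" -le 0 ]
}

# vhost_net_loaded: true when the vhost-net module (upstream name vhost_net)
# is present in the running kernel.
vhost_net_loaded() { [ -d /sys/module/vhost_net ]; }

running=$(uname -r)
if in_affected_range "$running"; then
    echo "$running: in the VZA-2019-074 range; apply with 'readykernel update'"
    if vhost_net_loaded; then echo "vhost_net is loaded on this host"; fi
else
    echo "$running: outside the range listed in VZA-2019-074"
fi
```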