Kernel security update: Virtuozzo ReadyKernel patch 88.0 for Virtuozzo 7.0.7¶
Issue date: 2019-10-01
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2019-076
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernel 3.10.0-693.17.1.vz7.43.10 (Virtuozzo 7.0.7). NOTE: No more patches are planned for this kernel, support for which ends with this update.
2. Security Fixes¶
[Moderate] megaraid_sas: potential kernel crash due to a NULL pointer dereference in megasas_free_cmds(). A flaw was found in ‘megaraid_sas’ kernel module. NULL pointer dereference can occur in megasas_free_cmds() function due incorrect error handling in megasas_alloc_cmds(). An attacker could exploit this to trigger a kernel crash. (CVE-2019-11810)
3. Bug Fixes¶
memcg: race condition between reparenting and kmem uncharging. It was discovered that a race condition was possible between kmem uncharging and mem_cgroup_reparent_charges(). A kernel warning would be triggered as a result. (PSBM-97012)
4. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-076.json.