Kernel security update: Virtuozzo ReadyKernel patch 88.1 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-693.21.1.vz7.46.7 (Virtuozzo 7.0.7 HF2), 3.10.0-693.21.1.vz7.48.2 (Virtuozzo 7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (Virtuozzo 7.0.8), 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1), 3.10.0-862.20.2.vz7.73.24 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-957.10.1.vz7.85.17 (Virtuozzo 7.0.10), 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0.10 HF1), 3.10.0-957.12.2.vz7.96.21 (Virtuozzo 7.0.11 and Virtuozzo Infrastructure Platform 3.0).

2. Security Fixes¶

• [Moderate] [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.86.2] megaraid_sas: potential kernel crash due to a NULL pointer dereference in megasas_free_cmds(). A flaw was found in ‘megaraid_sas’ kernel module. NULL pointer dereference can occur in megasas_free_cmds() function due incorrect error handling in megasas_alloc_cmds(). An attacker could exploit this to trigger a kernel crash. (CVE-2019-11810)

3. Bug Fixes¶

• [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Kernel complained about busy inodes after unmount of NFS shares and crashed in certain cases. (PSBM-95177)

• [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Data corruption in the EXT4 file system when truncating the extent index blocks. (PSBM-96719)

• [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] memcg: race condition between reparenting and kmem uncharging. It was discovered that a race condition was possible between kmem uncharging and mem_cgroup_reparent_charges(). A kernel warning would be triggered as a result. (PSBM-97012)

• [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Kernel crashed in down_read() when a FUSE file system was exported via NFS. (PSBM-97905)

4. Installing the Update¶

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-11810

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-88.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-88.1-1.vl7/

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-078.json.