Kernel security update: Virtuozzo ReadyKernel patch 106.0 for Virtuozzo 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0 and Virtuozzo Hybrid Infrastructure 3.5
Issue date: 2020-05-21
Applies to: Virtuozzo 7.0, Virtuozzo Infrastructure Platform 2.5, Virtuozzo Infrastructure Platform 3.0, Virtuozzo Hybrid Infrastructure 3.5
Virtuozzo Advisory ID: VZA-2020-038
1. Overview
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo 7.0, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure.
2. Security Fixes
[Moderate] [3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.4.2.vz7.116.7] Use-after-free read in napi_gro_frags(). A flaw was found in the implementation of GRO, which allows an attacker with local access to trigger a use-after-free read in napi_gro_frags() and, potentially, crash the system. (CVE-2020-10720)
3. Bug Fixes
[3.10.0-957.10.1.vz7.85.17 to 3.10.0-1062.12.1.vz7.131.10] qxl: kernel crash in qxl_release_fence_buffer_objects(). (PSBM-102320)
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1062.12.1.vz7.131.10] memcg: potential use-after-free in the implementation of uncharge operations. (PSBM-103864)
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1062.12.1.vz7.131.10] packet: packet_sk_charge() could try to charge zero memory, leading to a use-after-free in the memcg subsystem. (PSBM-104125)
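For fleet triage, the kernel ranges in sections 2 and 3 can be checked against a host's kernel release. The script below is an added example, not part of the advisory or of ReadyKernel; the function names are hypothetical, and ordering releases by their numeric fields is an assumption about how the bracketed ranges are meant to be read.

```shell
#!/bin/sh
# Added example: list the VZA-2020-038 items whose kernel range covers a release.
# Ranges are copied from the advisory text; helper names are hypothetical.

# ver_le A B: succeeds when release A <= release B, comparing the numeric
# fields left to right (assumed ordering for vz7 kernel releases).
ver_le() {
    a=$(printf '%s' "$1" | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | tr -c '0-9' ' ')
    set -- $a
    for y in $b; do
        [ $# -gt 0 ] || return 0      # A ran out of fields first: A <= B
        if [ "$1" -lt "$y" ]; then return 0; fi
        if [ "$1" -gt "$y" ]; then return 1; fi
        shift
    done
    [ $# -eq 0 ]                      # all fields equal and none left in A
}

# in_range REL LOW HIGH: succeeds when LOW <= REL <= HIGH.
in_range() {
    ver_le "$2" "$1" && ver_le "$1" "$3"
}

# vza_fixes_for RELEASE: prints the matching IDs on one line.
# Returns 2 (and prints nothing) when RELEASE is not a vz7 kernel release.
vza_fixes_for() {
    # Keep only "<version>-<build>.vz7.<n>.<n>", dropping any arch suffix.
    rel=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9.]*-[0-9.]*vz7\.[0-9]*\.[0-9]*\).*/\1/p')
    [ -n "$rel" ] || return 2
    out=""
    while read -r id low high; do
        if in_range "$rel" "$low" "$high"; then out="$out $id"; fi
    done <<EOF
CVE-2020-10720 3.10.0-862.20.2.vz7.73.24 3.10.0-1062.4.2.vz7.116.7
PSBM-102320 3.10.0-957.10.1.vz7.85.17 3.10.0-1062.12.1.vz7.131.10
PSBM-103864 3.10.0-957.12.2.vz7.96.21 3.10.0-1062.12.1.vz7.131.10
PSBM-104125 3.10.0-957.12.2.vz7.96.21 3.10.0-1062.12.1.vz7.131.10
EOF
    printf '%s\n' "${out# }"
}

# Typical use on a host: vza_fixes_for "$(uname -r)"
```

A release at the upper end of the bug-fix ranges (vz7.131.10) falls outside the CVE-2020-10720 range, so the script reports only the PSBM items for it.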
4. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-106.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-106.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-106.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-106.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-106.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-106.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-106.0-1.vl7/
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-038.json.