Kernel security update: Virtuozzo ReadyKernel patch 113.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0 and Virtuozzo Hybrid Infrastructure 3.5

Issue date: 2020-08-06

Applies to: Virtuozzo Hybrid Infrastructure 3.5, Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, Virtuozzo Infrastructure Platform 3.0

Virtuozzo Advisory ID: VZA-2020-055

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-862.20.2.vz7.73.29 (Virtuozzo Hybrid Server 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-957.10.1.vz7.85.17 (Virtuozzo Hybrid Server 7.0.10), 3.10.0-957.12.2.vz7.86.2 (Virtuozzo Hybrid Server 7.0.10 HF1), 3.10.0-957.12.2.vz7.96.21 (Virtuozzo Hybrid Server 7.0.11 and Virtuozzo Infrastructure Platform 3.0), 3.10.0-1062.4.2.vz7.116.7 (Virtuozzo Hybrid Server 7.0.12 HF1 and Virtuozzo Hybrid Infrastructure 3.5).

2. Security Fixes

  • [Moderate] [3.10.0-957.10.1.vz7.85.17 to 3.10.0-1062.4.2.vz7.116.7] Possible use-after-free error due to a race condition in cdev_get(). It was discovered that use-after-free condition was possible in cdev_get() if multiple processes simultaneously accessed a character device in a certain way. A local attacker could potentially exploit this to crash the kernel. (CVE-2020-0305)

3. Bug Fixes

  • [3.10.0-862.20.2.vz7.73.29 to 3.10.0-1062.4.2.vz7.116.7] File system of a container becomes read-only, __ext4_handle_dirty_metadata() reports error 28. (PSBM-105850)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.