Kernel security update: Virtuozzo ReadyKernel patch 113.10 for Virtuozzo Hybrid Server 7.0

Issue date: 2020-08-06

Applies to: Virtuozzo Hybrid Server 7.0

Virtuozzo Advisory ID: VZA-2020-056

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-1062.12.1.vz7.131.10 (Virtuozzo Hybrid Server 7.0.13), 3.10.0-1127.8.2.vz7.151.14 (Virtuozzo Hybrid Server 7.0.14).

2. Security Fixes

  • [Moderate] [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] Possible use-after-free error due to a race condition in cdev_get(). It was discovered that use-after-free condition was possible in cdev_get() if multiple processes simultaneously accessed a character device in a certain way. A local attacker could potentially exploit this to crash the kernel. (CVE-2020-0305)

3. Bug Fixes

  • [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] File system of a container becomes read-only, __ext4_handle_dirty_metadata() reports error 28. (PSBM-105850)

  • [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] memcg: the limit on page cache (memory.cache.limit_in_bytes) could be exceeded significantly in certain cases. (PSBM-106384)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.