Kernel security update: Virtuozzo ReadyKernel patch 113.10 for Virtuozzo Hybrid Server 7.0¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-1062.12.1.vz7.131.10 (Virtuozzo Hybrid Server 7.0.13), 3.10.0-1127.8.2.vz7.151.14 (Virtuozzo Hybrid Server 7.0.14).

2. Security Fixes¶

• [Moderate] [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] Possible use-after-free error due to a race condition in cdev_get(). It was discovered that use-after-free condition was possible in cdev_get() if multiple processes simultaneously accessed a character device in a certain way. A local attacker could potentially exploit this to crash the kernel. (CVE-2020-0305)

3. Bug Fixes¶

• [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] File system of a container becomes read-only, __ext4_handle_dirty_metadata() reports error 28. (PSBM-105850)

• [3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] memcg: the limit on page cache (memory.cache.limit_in_bytes) could be exceeded significantly in certain cases. (PSBM-106384)

4. Installing the Update¶

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://access.redhat.com/security/cve/cve-2020-0305

• https://forum.openvz.org/index.php?t=msg&th=13635

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-113.10-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-113.10-1.vl7/

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-056.json.