Kernel security update: Virtuozzo ReadyKernel patch 115.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0, and Virtuozzo Hybrid Infrastructure 3.5¶
Issue date: 2020-09-08
Applies to: Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, Virtuozzo Infrastructure Platform 3.0, Virtuozzo Hybrid Infrastructure 3.5
Virtuozzo Advisory ID: VZA-2020-060
1. Overview¶
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure.
2. Security Fixes¶
[Moderate] [3.10.0-862.20.2.vz7.73.29 to 3.10.0-1127.8.2.vz7.151.14] Potential kernel crash (use-after-free) in the implementation of usermode helpers. A race condition was discovered in the implementation of usermode helpers in the kernel. An attacker could exploit it from a container to cause a denial-of-service (kernel crash due to a use-after-free), or, potentially, to escalate their privileges in the system. (PSBM-107061)
[Moderate] [3.10.0-862.20.2.vz7.73.29 to 3.10.0-1127.8.2.vz7.151.14] nf_tables: kernel crash in nf_tables_getset(). It was discovered that the implementation of nf_tables did not properly validate certain parameters. An attacker could exploit this from a container to cause a kernel crash: NULL pointer dereference or a general protection fault in nf_tables_getset(). (PSBM-106408)
[Moderate] [3.10.0-862.20.2.vz7.73.29 to 3.10.0-1127.8.2.vz7.151.14] nfnetlink: potential kernel crash (skb_over_panic) in skb_put(). It was discovered that nfnetlink subsystem did not properly validate certain messages. An attacker could exploit this from a container to cause a kernel crash: skb_over_panic in skb_put(). (PSBM-106395)
3. Bug Fixes¶
[3.10.0-862.20.2.vz7.73.29 to 3.10.0-1062.4.2.vz7.116.7] nf_conntrack: potential kernel crash in nf_ct_gre_keymap_destroy(). (PSBM-106273)
4. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References¶
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-115.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-115.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-115.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-115.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-115.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-115.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-115.0-1.vl7/
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-060.json.