[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.5

Issue date: 2021-02-05

Applies to: Virtuozzo Hybrid Server 7.5

Virtuozzo Advisory ID: VZA-2021-006

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to the kernel 3.10.0-1127.18.2.vz7.163.46 (Virtuozzo Hybrid Server 7.5).

2. Security Fixes

  • [Important] Incorrect locking in TTY subsystem could lead to use-after-free conditions and cause memory corruption. (CVE-2020-29661)

  • [Moderate] ‘Bad unlock balance’ error in ipmr_mfc_seq_stop(). It was discovered that the implementation of IPv6 multicast routing could try to access wrong data when a user tried to read certain files in /proc. An attacker could exploit that from a container to trigger ‘bad unlock balance’ error in ipmr_mfc_seq_stop(), followed by a kernel crash. (PSBM-122990)

  • [Moderate] Soft lockup in ext4_ext_find_extent(). It was discovered that certain ioctl operations in ext4 did not check their arguments properly. An attacker could exploit that from a container to trigger soft lockups in ext4_ext_find_extent() function, which could result in a denial of service. (PSBM-122991)

3. Bug Fixes

  • Userspace processes could crash with ‘double free or corruption’ errors due to a lost TLB flush in the kernel. (PSBM-124581)

4. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.