[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.5¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to the kernel 3.10.0-1127.18.2.vz7.163.46 (Virtuozzo Hybrid Server 7.5).

2. Security Fixes¶

• [Important] Incorrect locking in TTY subsystem could lead to use-after-free conditions and cause memory corruption. (CVE-2020-29661)

• [Moderate] ‘Bad unlock balance’ error in ipmr_mfc_seq_stop(). It was discovered that the implementation of IPv6 multicast routing could try to access wrong data when a user tried to read certain files in /proc. An attacker could exploit that from a container to trigger ‘bad unlock balance’ error in ipmr_mfc_seq_stop(), followed by a kernel crash. (PSBM-122990)

• [Moderate] Soft lockup in ext4_ext_find_extent(). It was discovered that certain ioctl operations in ext4 did not check their arguments properly. An attacker could exploit that from a container to trigger soft lockups in ext4_ext_find_extent() function, which could result in a denial of service. (PSBM-122991)

3. Bug Fixes¶

• Userspace processes could crash with ‘double free or corruption’ errors due to a lost TLB flush in the kernel. (PSBM-124581)

4. Installing the Update¶

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-163.46-122.0-1.vl7/

• https://access.redhat.com/security/cve/cve-2020-29661

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2021-006.json.