[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.5
Issue date: 2021-02-05
Applies to: Virtuozzo Hybrid Server 7.5
Virtuozzo Advisory ID: VZA-2021-006
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to the kernel 3.10.0-1127.18.2.vz7.163.46 (Virtuozzo Hybrid Server 7.5).
2. Security Fixes
[Important] Incorrect locking in TTY subsystem could lead to use-after-free conditions and cause memory corruption. (CVE-2020-29661)
[Moderate] ‘Bad unlock balance’ error in ipmr_mfc_seq_stop(). It was discovered that the implementation of IPv6 multicast routing could try to access wrong data when a user tried to read certain files in /proc. An attacker could exploit that from a container to trigger a ‘bad unlock balance’ error in ipmr_mfc_seq_stop(), followed by a kernel crash. (PSBM-122990)
[Moderate] Soft lockup in ext4_ext_find_extent(). It was discovered that certain ioctl operations in ext4 did not check their arguments properly. An attacker could exploit that from a container to trigger soft lockups in the ext4_ext_find_extent() function, which could result in a denial of service. (PSBM-122991)
3. Bug Fixes
Userspace processes could crash with ‘double free or corruption’ errors due to a lost TLB flush in the kernel. (PSBM-124581)
4. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2021-006.json.