[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Hybrid Server 7.5¶
Issue date: 2023-07-06
Applies to: Virtuozzo Hybrid Server 7.5
Virtuozzo Advisory ID: VZA-2023-018
1. Overview¶
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5.
2. Security Fixes¶
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Partial fix to prevent memory leak for some cases in the cgroup subsystem. (PSBM-147036)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the packet family socket in prb_retire_rx_blk_timer_expired(). (RK-337)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel data leak via spectre-like ‘gadget.’ (CVE-2023-0458)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel crash on mount invalid XFS image. (CVE-2023-2124 )
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the iSCSI driver. (CVE-2023-2162)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Out-of-bound memory access in the QFQ network packet scheduler. (CVE-2023-31436)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in ext4 setfattr. (CVE-2023-2513)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Missed the CR0 and CR4 register checks in KVM subsystem. (CVE-2023-30456)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A memory leak in the SCTP socket error path. (CVE-2023-1074)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Invalid memory access on mount invalid GFS2 image. (CVE-2023-3212)
[Important] [3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free while connecting Bluetooth. (CVE-2021-3640)
3. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running readykernel update.
4. References¶
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-191.4-157.3-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-185.3-157.3-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-183.5-157.3-1.vl7/
The new and updated packages are listed in the JSON file.