readykernel-patch-18.7-3.0-1.vl7

An error was found in the x86 instruction decoder in KVM that may result in the kernel crash on the host. Trying to process some invalid instructions may trigger a NULL pointer dereference.

When file permissions are modified via chmod and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod.

It was found that sctp_add_bind_addr() may read more bytes than expected in case the parameter is a IPv4 address supplied by the user. The kernel might crash as a result.

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

virtio-net: tx stall due to failed allocations of large skbs.