readykernel-patch-183.5-144.1-1.vl7

Kernel Update Version:
3.10.0-1160.41.1.vz7.183.5
Release Date:
2022-07-27 13:05:01
  • CVE-2022-1966

    Use-after-free in the netfilter subsystem.

    The bug allows to initialize a non-stateful lookup expressions which points to a not properly detached set, which might lead to UAF. Potetntially it leads to privilege escalation.
    https://access.redhat.com/security/cve/CVE-2022-1966
  • PSBM-139465

    CPU hotplug leads to a VM crash on AMD processors with PCID.

  • CVE-2022-0492

    Potential privilege escalation when setting the release_agent.

    Setting release_agent could potentially lead to privilege escalation from unprivileged users inside a container to the container root. It couldn't be exploited to escape containers.
    https://access.redhat.com/security/cve/CVE-2022-0492
  • CVE-2021-0920

    Potential use-after-free in the 'recv' operation of UNIX domain sockets.

    Race condition between the garbage collector and the 'recv' operation with MSG_PEEK flag was found in the implementation of UNIX domain sockets. It could result in use-after-free and could potentially allow a local attacker to escalate their privileges in the system.
    https://access.redhat.com/security/cve/CVE-2021-0920
  • CVE-2021-4083

    Read-after-free in garbage collection for Unix domain socket file handlers.

  • CVE-2021-4028

    Use-after-free in RDMA listen().

  • PSBM-136140

    A flaw in XFS allows non-root users to read raw data from a mounted block device (CVE-2021-4155).

  • PSBM-136851

    Potential memory corruption in nfsd4_lock().

  • PSBM-136295

    fs/locks.c: Node crash BUG in locks_insert_block().

  • PSBM-136369

    fs: potential kernel crash in inode_permission() when processing paths containing '..'.

  • PSBM-134905

    nfsd: memory corruption and kernel crash in nfsd4_lock.

    It was discovered that certain operations with locks on NFS could result in a memory corruption and kernel crash in nfsd4_lock(). Note that, although the patch prevents new issues of this kind, it cannot fix the corruptions that have already occurred. So, kernel crashes are still possible even within a few hours after the ReadyKernel update has been applied, but should disappear after the reboot of the affected nodes.
  • PSBM-131551

    Virtual machines might fail to start on a host with AMD Milan CPU.

    It was discovered that virtual machines on the hosts with AMD Milan CPUs could try to set IA32_SPEC_CTRL MSR during their startup and would fail to start: qemu-kvm would be killed by SIGABRT.
  • PSBM-134323

    Memory allocation failed unexpectedly in __add_to_page_cache_locked().

    Ext4 FS was unexpectedly remounted read-only in a container after the container reached the limits set in the memory cgroup. It happened because the relevant memory allocations failed in __add_to_page_cache_locked while __GFP_NOFAIL flag was dropped for certain reason.
  • VSTOR-55377

    A hole in vstorage FUSE synchronization protocol leading to unsynchronized chunks.

  • PSBM-141136

    ms/xfrm: fix crash in XFRM_MSG_GETSA netlink handler