readykernel-patch-20.18-18.0-1.vl7

Distribution:
Virtuozzo 7
Kernel Update Version:
3.10.0-327.36.1.vz7.20.18
Release Date:
2017-04-11 16:19:51
  • PSBM-44587

    Kernel crash in synchronize_mapping_faults_vma() when pfcache is active.

    Kernel crash in synchronize_mapping_faults_vma() when pfcache is active.
  • PSBM-52369

    Kernel crash in cgroup_show_path() while running rkt in a container.

    Kernel crash in cgroup_show_path() while running rkt in a container.
  • PSBM-63197

    L1 VZ7 guest: kernel crash due to a race between attach and invalidate page.

    L1 VZ7 guest: kernel crash due to a race between attach and invalidate page.
  • CVE-2017-2636

    Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release().

    A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2636
  • CVE-2017-7308

    Integer overflows in packet_set_ring().

    The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls.
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308
  • CVE-2017-7184

    Local privilege escalation in XFRM framework.

    It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.
    http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7184.html
  • CVE-2017-2647

    Null pointer dereference in search_keyring().

    A flaw was discovered in the Linux kernel's key subsystem. Calling request_key() system call with the specially crafted set of arguments may result in a NULL-pointer dereference inside search_keyring() function. A local unprivileged user can use this vulnerability to crash the system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2647
  • CVE-2017-6214

    ipv4/tcp: Infinite loop in tcp_splice_read().

    The tcp_splice_read function in net/ipv4/tcp.c allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-6214
  • PSBM-57512

    A privileged user inside a container can cause a host kernel crash in udp_lib_get_port().

  • PSBM-59964

    Broken isolation for some of 'ip ntable' settings.

  • CVE-2017-6074

    Use after free in the implementation of DCCP protocol.

    A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-6074
  • PSBM-57511

    General protection fault in sendmsg() -> netlink_sendmsg() -> netlink_unicast().

  • PSBM-57499

    NULL pointer dereference in write() -> netlink_sendmsg() -> netlink_unicast().

  • PSBM-59983

    iptables: forwarding does not work with '--netfilter full'.

  • CVE-2017-2584

    kvm: use after free in complete_emulated_mmio.

    Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to a use after free flaw. It could occur on x86 platform, when emulating instructions fxsave, fxrstor, sgdt, etc. A user/process could use this flaw to crash the host kernel resulting in DoS.
    https://bugzilla.redhat.com/show_bug.cgi?id=1413001
  • CVE-2017-2583

    kvm: vmx/svm potential privilege escalation inside guest.

    Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user/process inside guest could use this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest.
    https://bugzilla.redhat.com/show_bug.cgi?id=1414735
  • PSBM-57915

    fs/fadvise: a way was needed to deactivate pages after cached reads.

    Support for FADV_DEACTIVATE flag (fs/fadvise) was added to the kernel to address this.
  • CVE-2015-8539

    Keys: general protection fault in trusted_update().

    A flaw was found in the handling of negatively instantiated keys in the Linux kernel. A local unprivileged user can use this vulnerability to crash the system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8539
  • CVE-2016-9806

    Potential double free in netlink_dump().

    A double free vulnerability was found in netlink_dump(), which could cause a denial of service or possibly other unspecified impact.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9806
  • CVE-2016-8645

    A BUG() statement can be hit in net/ipv4/tcp_input.c.

    It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8645
  • CVE-2016-2053

    Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()

    A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature() function (crypto/asymmetric_keys/public_key.c), to cause a kernel panic and crash the system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2053
  • CVE-2016-3070

    Null pointer dereference in trace_writeback_dirty_page().

    An attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3070