readykernel-patch-30.10-26.1-1.vl7

Distribution:
Virtuozzo 7
Kernel Update Version:
3.10.0-514.16.1.vz7.30.10
Release Date:
2017-07-19 13:06:39
  • PSBM-68472

    Kernel crash when accessing /proc/$PID/map_files.

    A data race was discovered in the implementation of /proc/$PID/map_files. A privileged user on the host could crash the kernel by using mmap and munmap for a file and simultaneously trying to access /proc/$PID/map_files.
  • PSBM-64050

    sctp: potential kernel crash in sctp_wait_for_sndbuf().

    If sctp module was loaded on the host, a privileged user inside a container could make sctp listen on a socket in an inappropriate state, causing a kernel crash (use-after-free in sctp_wait_for_sndbuf()).
  • PSBM-68362

    Kernel crash due to incorrect skb headroom calculation and missing checks.

    It was found that the kernel could crash (skb_under_panic) if an skb from a virtual (NETIF_F_VENET) device was processed in a particular networking configuration. The problem was caused by the incorrect skb headroom calculation and missing headroom checks.
  • PSBM-67513

    Kernel crash in ploop due to the list corruption during parallel push backups.

    A data race was discovered in ploop, which could lead to the kernel crash due to the list corruption during parallel push backups.
  • PSBM-68052

    The values shown in /proc/loadavg can be calculated incorrectly in some cases.

    A data race between calc_load_fold_active() and try_to_wake_up() was discovered. As a result of that race, the values shown in /proc/loadavg could be calculated incorrectly in some cases.
  • CVE-2017-11176

    Use-after-free in sys_mq_notify().

    The implementation of mq_notify system call in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
    https://bugzilla.redhat.com/show_bug.cgi?id=1470659
  • PSBM-64752

    ipv4: deadlock in ip_ra_control().

    A vulnerability was found in the implementation of setsockopt() operations in the Linux kernel. A privileged user inside a container could cause a DoS on the host (kernel deadlock in ip_ra_control() function) using a specially crafted sequence of system calls.
  • CVE-2017-7477

    net: Heap overflow in skb_to_sgvec in macsec.c.

    Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7477
  • CVE-2017-8797

    NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand.

    The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. The attack payload fits to single one-way UDP packet. The provided input value is used for array dereferencing. This may lead to a remote DoS of [knfsd] and so to a soft-lockup of a whole system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8797
  • PSBM-67263

    Use after free in vxlan_dellink().

    A vulnerability was found in the implementation of vxlan interfaces in the Linux kernel. A privileged user inside a container was able to trigger a use-after-free in vxlan_dellink() function with a special sequence of operations with vxlan interfaces, which could result in a system crash or could possibly have other unspecified impact.
  • PSBM-67221

    Kernel crash (general protection fault) in cleanup_timers().

    A vulnerability was found in the signal handling in the Linux kernel. A local unprivileged user may cause a kernel crash (general protection fault) in cleanup_timers() function by using rt_tgsigqueueinfo() system call with a specially crafted set of arguments.
  • PSBM-67300

    Kernel crash (NULL pointer dereference) in list_lru_destroy().

    Kernel crash (NULL pointer dereference) in list_lru_destroy().
  • PSBM-67076

    Kernel deadlocks in try_charge().

    When memcgroup reached memory limits, kernel may have entered an endless loop in try_charge(), and deadlocked.
  • PSBM-66468

    TCP cgroup memory pressure was checked incorrectly.

    TCP cgroup memory pressure was checked incorrectly resulting in lower network speed in certain conditions.
  • CVE-2017-9074

    IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option.

    The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG()) or possibly have unspecified other impact via crafted socket() and send() system calls.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-9074
  • CVE-2017-9075

    sctp_v6_create_accept_sk function mishandles inheritance.

    sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, an issue related to CVE-2017-8890. An unprivileged local user could use this flaw to cause corruption of the kernel memory in the system, leading to a crash.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-9075
  • CVE-2017-9077

    tcp_v6_syn_recv_sock function mishandles inheritance.

    tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, an issue related to CVE-2017-8890. An unprivileged local user could use this flaw to cause corruption of the kernel memory in the system, leading to a crash.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-9077
  • CVE-2017-9076

    IPv6 DCCP implementation mishandles inheritance.

    The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, an issue related to CVE-2017-8890. An unprivileged local user could use this flaw to cause corruption of the kernel memory in the system, leading to a crash.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-9076
  • CVE-2017-8890

    Double free in inet_csk_clone_lock() function in net/ipv4/inet_connection_sock.c.

    inet_csk_clone_lock() function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by using a specially crafted sequence of system calls including accept(). An unprivileged local user could use this flaw to cause corruption of the kernel memory in the system, leading to a crash.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8890
  • CVE-2017-7895

    NFSv3 server does not handle payload bounds checking of WRITE requests properly.

    The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly have unspecified other impact via crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7895
  • CVE-2017-7645

    nfsd: Incorrect handling of long RPC replies.

    The NFS2/3 RPC client could send long arguments to nfsd server. These encoded arguments are stored in an array of memory pages, and accessed via various pointer variables. Arbitrarily long arguments could make these pointers point outside the array, thus causing out-of-bounds memory access. A remote user/program could use this flaw to crash the kernel resulting in DoS.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7645
  • PSBM-65826

    sctp: Null pointer dereference in sctp_endpoint_destroy().

    If sctp module is loaded on the host, a privileged user inside a container can cause a kernel crash by triggering a NULL pointer dererefence in sctp_endpoint_destroy() function with a specially crafted sequence of system calls.
  • PSBM-65345

    User-triggerable BUG_ON() in unregister_netdevice_many().

    A privileged user inside a container can cause a kernel crash by triggering a BUG_ON in unregister_netdevice_many() function with a specially crafted sequence of system calls.