readykernel-patch-37.30-40.0-1.vl7

Distribution:
Virtuozzo 7
Kernel Update Version:
3.10.0-693.1.1.vz7.37.30
Release Date:
2017-12-18 13:52:34
  • PSBM-78078

    Containers failed to restart because their VEIP addresses were not released.

    The kernel could consider a container stopped before the resources of that container, for example, VEIP addresses, have been released. As a result, the system could fail to restart the container.
  • PSBM-78342

    FUSE: kernel warning in request_end().

    A warning about FR_PENDING bit was printed by request_end() because fuse_request_send_background() did not clear that bit.
  • PSBM-78904

    Potential use-after-free in the processing of namespaces.

    Potential use-after-free in the processing of namespaces.
  • PSBM-78354

    tcache: kernel warning in tcache_invalidate_node_pages().

    When there were more than two users of a page, __tcache_page_tree_delete() failed to freeze it. The page would never be invalidated and tcache_node->nr_pages would never be decremented. A kernel warning would be output as a result.
  • PSBM-77154

    tcache: unnecessary BUG_ON()s.

    Many of the issues that BUG_ON()s were supposed to catch in tcache were not serious enough to crash the kernel. A warning will now be output in such cases instead.
  • CVE-2017-1000407

    KVM: DoS via write flood to I/O port 0x80.

    A vulnerability was found in the kernel virtualization module (KVM) for the Intel processors. A guest system could flood the I/O port 0x80 with write requests, which could crash the host kernel, resulting in DoS.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000407
  • CVE-2017-8824

    Use-after-free in DCCP socket handling.

    A vulnerability was found in DCCP socket handling code. dccp_disconnect() set the socket state to DCCP_CLOSED but did not properly free some of the resources associated with that socket. This could result in a use-after-free and could potentially allow an attacker to escalate their privileges.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8824
  • CVE-2017-1000405

    PMD can become dirty without going through a COW cycle.

    A flaw was found in the patches used to fix the 'Dirty COW' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000405
  • CVE-2017-16939

    ipsec: xfrm: use-after-free leading to potential privilege escalation.

    The Linux kernel is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system.
    https://bugzilla.redhat.com/show_bug.cgi?id=1517220
  • PSBM-77949

    Vstorage service hung in wait_iff_congested().

    Vstorage service hung in wait_iff_congested() in some cases. The problem was twofold. First, excessive COMMIT operations made by releasepage() in NFS resulted in performance degradation. Second, the non-optimal implementation of splice() operation in FUSE decreased performance as well.