- Kernel Update Version:
- Release Date: 2019-03-20 10:08:02
Docker v17.11 and newer failed to start in a container. Starting from v17.11, Docker checks if all cgroups are mounted and refuses to start if some cgroups are not. Some Virtuozzo-specific cgroups were visible in the containers but were not mounted there, which prevented Docker from starting properly.
Kernel crash in mem_cgroup_iter().
Potential denial of service due to extensive memory consumption. It was discovered that some operations with files in a container could lead to denial of service on the host due to extensive memory consumption.
loop: potential data race between open() and release() leading to use-after-free. It was found that the release() operation for loop devices has insufficient protection for the device structures against accesses from concurrent open() operations. A local attacker can use specially arranged concurrent operations with a loop device to cause a denial of service (kernel crash due to a use-after-free error). https://bugzilla.redhat.com/show_bug.cgi?id=1533909
netfilter: Use-after-free in tcpmss_mangle_packet(). If the system uses iptables and there are iptables rules with the TCPMSS action, a remote attacker may cause a denial of service (use-after-free in the tcpmss_mangle_packet function leading to memory corruption) or possibly have unspecified other impact by sending specially crafted network packets. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18017
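
The netfilter issue above applies only when the ruleset contains rules with the TCPMSS action, so a host can be checked for that precondition before the update is scheduled. The following is an added example, not part of the original advisory: the function names are hypothetical and the sample ruleset is constructed. It scans `iptables-save` output and lists every rule whose target is TCPMSS.

```shell
#!/bin/sh
# Added example (not from the advisory): find rules that jump to the TCPMSS
# target in iptables-save output. Function names are hypothetical.

# Reads iptables-save format on stdin.
# Prints "table<TAB>chain<TAB>rule" for every rule whose target is TCPMSS.
find_tcpmss_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*mangle" opens a table section
        /^-A / {
            # The target is the word that follows -j / --jump. Matching on the
            # field pair avoids hits on comments or the lowercase tcpmss match.
            for (i = 3; i < NF; i++) {
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "TCPMSS") {
                    printf "%s\t%s\t%s\n", table, $2, $0
                    break
                }
            }
        }
    '
}

# Number of TCPMSS rules in the ruleset read from stdin.
count_tcpmss_rules() {
    find_tcpmss_rules | wc -l | tr -d ' '
}

# Constructed sample ruleset so the example runs offline.
sample_ruleset() {
    cat <<'EOF'
# Constructed sample in iptables-save format
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -p tcp -m comment --comment "TCPMSS note" -j ACCEPT
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a live host: iptables-save | find_tcpmss_rules
sample_ruleset | find_tcpmss_rules
```

A non-empty result means the host meets the ruleset condition described in the advisory entry; it says nothing about whether the running kernel already carries the fix.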