readykernel-patch-40.4-47.0-1.vl7

Kernel Update Version:
3.10.0-693.11.6.vz7.40.4
Release Date:
2022-03-02 08:28:02
  • CVE-2018-1068

    ebtables: out-of-bounds write via userland offsets in ebt_entry struct.

    It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received from the user space. A local user with enough privileges in the user and network namespaces could use that to trigger an out-of-bounds write to the kernel address space.
    https://bugzilla.redhat.com/show_bug.cgi?id=1552048
  • PSBM-82021

    Potential kernel hang (lockup) during destruction of cgroups.

    'memory' and 'memsw' counters could be overcharged when the limit of 'kmem' counter was reached. This would result in a kernel lockup during destruction of cgroups.
  • PSBM-81939

    Potential kernel hang (endless loop) in try_charge().

  • PSBM-81600

    Ploop: some IO requests were not marked as completed in case of errors.

  • PSBM-81488

    High cpu usage in isolate_freepages_block().

    vstorage-mount spent a lot of time in isolate_freepages_block() in some cases, causing performance issues.
  • PSBM-81509

    Memcg swpin/swpout stats were calculated incorrectly.

  • PSBM-81264

    Memory cgroups were not released when starting/stopping a container with Docker.

    Memory cgroups were not correctly released during start/stop of a container with Docker. If the node had a significant amount of containers with Docker, this could lead to stopped containers not starting again.
  • PSBM-80340

    Hard lockups happened when the kernel was processing SAK (Secure Attention Key).

  • PSBM-81033

    Docker v17.11 and newer failed to start in a container.

    Starting from v17.11, Docker checks is all cgroups are mounted and refuses to start if some cgroups are not. Some of Virtuozzo-specific cgroups were visible in the containers and were not mounted there, which prevented Docker from starting properly.
  • PSBM-81090

    Kernel crash in mem_cgroup_iter().

  • PSBM-80839

    Potential denial of service due to extensive memory consumption.

    It was discovered that some operations with files in a container could lead to denial of service on the host due to extensive memory consumption.
  • CVE-2018-5344

    loop: potential data race between open() and release() leading to use-after-free.

    It was found that release() operation for the loop devices has insufficient protection for the device structures against the accesses from the concurrent open() operations. A local attacker can use specially arranged concurrent operations with a loop device to cause a denial of service (kernel crash due to a use-after-free error).
    https://bugzilla.redhat.com/show_bug.cgi?id=1533909
  • CVE-2017-18017

    netfilter: Use-after-free in tcpmss_mangle_packet().

    If the system uses iptables and there are iptables rules with TCPMSS action there, a remote attacker may cause a denial of service (use-after-free in tcpmss_mangle_packet function leading to memory corruption) or possibly have unspecified other impact by sending specially crafted network packets.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18017