readykernel-patch-46.7-49.0-1.vl7

Distribution: Virtuozzo 7
Kernel Update Version: 3.10.0-693.21.1.vz7.46.7
Release Date: 2018-05-04 10:55:14
  • CVE-2017-17807

    Missing permissions check for request_key() destination allows local attackers to add keys to keyring without write permission.

    The KEYS subsystem omitted an access-control check when writing a key to the default keyring of the current task, allowing a local user to bypass security checks for the keyring. This compromised the validity of the keyring for those who relied on it.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-17807
  • CVE-2017-17450

    System-wide OS fingerprint list was accessible to unprivileged users.

    It was discovered that the xt_osf_fingers data structure was accessible from any network namespace. This allowed unprivileged local users to bypass intended access restrictions and modify the system-wide OS fingerprint list used by specific iptables rules.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-17450
  • CVE-2017-17449

    Netlink monitor created in a namespace could observe system-wide activity.

    It was discovered that an nlmon link inside a child network namespace was not restricted to that namespace. An unprivileged local user could exploit that to monitor system-wide netlink activity.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-17449
  • CVE-2017-17448

    Potential unprivileged access to the kernel structures used by netfilter conntrack helpers.

    It was discovered that the nfnl_cthelper_list structure was accessible to any user with the CAP_NET_ADMIN capability in a network namespace. An unprivileged local user could exploit that to affect netfilter conntrack helpers on the host.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-17448
  • PSBM-83691

    Kernel crash in shrink_slab() when trying to mount an image with a broken ext4 file system.

  • PSBM-83628

    Offlined memory cgroups were not destroyed for a long time.

    It was found that offlined memory cgroups were not destroyed for a long time in some cases. As a result, the system could hit the limit on cgroups (65535) and would be unable to create new ones.
  • PSBM-83746

    Kernel crash in move_freepages() due to incorrect BUG_ON() check.

    It was discovered that the BUG_ON() check in move_freepages() did not verify that the relevant memory pages were valid. The kernel could crash as a result.
  • PSBM-83874

    Kernel crash (stack overflow) caused by lots of internal mounts.

    It was discovered that clone_mnt() did not clear the MNT_INTERNAL flag for the internal mounts. As a result, the kernel could crash due to a stack overflow if lots of bind mounts of /proc/*/ns/* were created in a new namespace.
    https://www.spinics.net/lists/netdev/msg496514.html
  • PSBM-83474

    Kernel crash in ip6mr_sk_done().

    If the kernel failed to create an IPv6 socket, for example, due to the cgroup.memsw limit, it would crash in ip6mr_sk_done() when trying to clean up multicast routes.
  • PSBM-83692

    Kernel crash in dccp_write_xmit().

    (CVE-2018-1130) If the "dccp_ipv6" module was loaded on the host, a local unprivileged user could trigger a kernel crash in dccp_write_xmit() or inet_csk_get_port() using a specially crafted sequence of system calls.
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2