readykernel-patch-63.3-56.0-3.vl7

Distribution:
Virtuozzo 7
Kernel Update Version:
3.10.0-862.9.1.vz7.63.3
Release Date:
2018-08-08 19:46:35
  • CVE-2017-18344

    Out-of-bounds access in show_timer() function.

    The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18344