Virtuozzo 7 : readykernel-patch (VZA-2018-050)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - The implementation of timercreate system call in the Linux kernel before 4.14.8 doesn't properly validate the...

Important kernel security update: CVE-2017-18344; Virtuozzo ReadyKernel patch 56.0 for all supported Virtuozzo 7.0 kernels

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo 7.0 kernels. Vulnerability id: CVE-2017-18344 The implementation of timercreate system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigevnotif...

CVE-2017-18344

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...

CVE-2017-18344

CVE-2017-18344 affects the Linux kernel before 4.14.8. The timer_create syscall in kernel/time/posix-timers.c fails to validate sigevent->sigev_notify, causing out-of-bounds access in show_timer when /proc/$PID/timers is read and enabling a local user to read arbitrary kernel memory on builds ...

CVE-2017-18344

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This allows userspace applications ...