Kernel security update: Virtuozzo ReadyKernel patch 11.0 for kernel 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

The cumulative Virtuozzo ReadyKernel patch updated with security fixes as well as a usability bug fix. The patch applies to Virtuozzo 7.0.3.
Vulnerability id: CVE-2016-9806
A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact.

Vulnerability id: CVE-2016-8645
It was discovered that the Linux kernel since 3.6-rc1 with ‘net.ipv4.tcp_fastopen’ set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.

Vulnerability id: PSBM-57511
A flaw was found in the way nfnetlink validated length of batch messages that could allow a user logged in to a container as root to cause a general protection fault and crash the host.

Vulnerability id: PSBM-57499
A flaw was found in the way nfnetlink handled errors while processing batch messages that could allow a user logged in to a container as root to trigger use after free and crash the host.

Vulnerability id: CVE-2016-3070
A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.