Important kernel security update: CVE-2017-8824 and other; Virtuozzo ReadyKernel patch 42.0 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.42.0.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.42.0.vz7.20.18 (Virtuozzo 7.0.3).
Vulnerability id: CVE-2017-8824
A vulnerability was found in DCCP socket handling code. dccp_disconnect() set the socket state to DCCP_CLOSED but did not properly free some of the resources associated with that socket. This could result in a use-after-free and could potentially allow an attacker to escalate their privileges.

Vulnerability id: CVE-2017-16939
The Linux kernel is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system.

Vulnerability id: CVE-2017-15129
The function get_net_ns_by_id() does not check the net.count value when processing a peer network, which could lead to double free and memory corruption. An unprivileged local user could use this vulnerability to crash the system.

Vulnerability id: CVE-2017-18017
If the system uses iptables and there are iptables rules with TCPMSS action there, a remote attacker could cause a denial of service (use-after-free in tcpmss_mangle_packet function leading to memory corruption) or possibly have unspecified other impact by sending specially crafted network packets.

Vulnerability id: CVE-2017-1000405
A flaw was found in the patches used to fix the ‘Dirty COW’ vulnerability (CVE-2016-5195). An attacker, able to run local code, could exploit a race condition in transparent huge pages to modify usually read-only huge pages.