Kernel update: Virtuozzo ReadyKernel patch 61.0 for Virtuozzo 7.0.8 and 7.0.8 HF1

2018-09-17T00:00:00
ID VZA-2018-070
Type virtuozzo
Reporter Virtuozzo
Modified 2018-09-17T00:00:00

Description

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to Virtuozzo 7.0.8 and 7.0.8 HF1. Vulnerability id: PSBM-87836 It was discovered that a container with NFS mounts could keep the files /var/lib/nfs/rpc_pipefs/nfs/clntX open, even if no NFS server was running there. As a result, CRIU reported errors when the users tried to migrate the container.

Vulnerability id: PSBM-88561 It was found that the implementation of ploop did not handle errors reported by kthread_create() properly. This could lead to a kernel crash in dio_open().

Vulnerability id: PSBM-88577 If an error occurred during execution of xfrm_net_init() when a new network namespace was created, xfrm_policy_lock could remain uninitialized. As a result, soft lockup could happen in xfrm_policy_flush() if it tried to acquire the lock after that.