Important kernel security update: Virtuozzo ReadyKernel patch 80.0 for Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1), 3.10.0-862.20.2.vz7.73.24 and 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5).
Vulnerability id: CVE-2019-6974
A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.

Vulnerability id: CVE-2019-7221
A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.

Vulnerability id: PSBM-94535
It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.