Important kernel security update: Virtuozzo ReadyKernel patch 90.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0

2019-11-05T00:00:00
ID VZA-2019-085
Type virtuozzo
Reporter Virtuozzo
Modified 2019-11-05T00:00:00

Description

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-693.21.1.vz7.46.7 (Virtuozzo 7.0.7 HF2), 3.10.0-693.21.1.vz7.48.2 (Virtuozzo 7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (Virtuozzo 7.0.8), 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1), 3.10.0-862.20.2.vz7.73.24 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-957.10.1.vz7.85.17 (Virtuozzo 7.0.10), 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0.10 HF1), 3.10.0-957.12.2.vz7.96.21 (Virtuozzo 7.0.11 and Virtuozzo Infrastructure Platform 3.0). NOTE: No more patches are planned for the kernel 3.10.0-693.21.1.vz7.46.7, support for which ends with this update. Vulnerability id: CVE-2019-5489 [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Page cache side channel attacks via mincore(). It was discovered that a local attacker could exploit mincore() system call to obtain information about memory pages of the running applications from the page cache even if the contents of these memory pages were not available to the attacker.

Vulnerability id: CVE-2018-14734 [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] infiniband: use-after-free in ucma_leave_multicast(). It was found that ucma_leave_multicast() function from 'rdma_ucm' module could try to access a certain data structure after the structure had been freed. This allows an attacker to induce kernel memory corruption, leading to a system crash or other unspecified impact.