[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to the kernels 3.10.0-957.12.2.vz7.96.21 (Virtuozzo Hybrid Server 7.0.11 and Virtuozzo Infrastructure Platform 3.0), 3.10.0-1062.4.2.vz7.116.7 (Virtuozzo Hybrid Server 7.0.12 HF1 and Virtuozzo Hybrid Infrastructure 3.5), 3.10.0-1062.12.1.vz7.131.10 (Virtuozzo Hybrid Server 7.0.13), 3.10.0-1127.8.2.vz7.151.14 (Virtuozzo Hybrid Server 7.0.14), 3.10.0-1127.8.2.vz7.158.8 (Virtuozzo Hybrid Infrastructure 4.0).
Vulnerability id: CVE-2020-29661
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.8.2.vz7.158.8] Incorrect locking in TTY subsystem could lead to use-after-free conditions and cause memory corruption.

Vulnerability id: PSBM-122990
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.8.2.vz7.158.8] ‘Bad unlock balance’ error in ipmr_mfc_seq_stop(). It was discovered that the implementation of IPv6 multicast routing could try to access wrong data when a user tried to read certain files in /proc. An attacker could exploit that from a container to trigger ‘bad unlock balance’ error in ipmr_mfc_seq_stop(), followed by a kernel crash.

Vulnerability id: PSBM-122991
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.8.2.vz7.158.8] Soft lockup in ext4_ext_find_extent(). It was discovered that certain ioctl operations in ext4 did not check their arguments properly. An attacker could exploit that from a container to trigger soft lockups in ext4_ext_find_extent() function, which could result in a denial of service.