Virtuozzo VZA-2021-014
Mar 12, 2021 - 12:00 a.m.

[Security] Virtuozzo ReadyKernel patch 124.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0

2021-03-12 00:00:00
help.virtuozzo.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVSS2: 5.5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS: 0.002 Low
Percentile: 56.7%

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure.

Vulnerability id: PSBM-122965
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] ip_set: null pointer dereference in ip_set_utest(). It was discovered that an attacker could trigger a kernel crash (null pointer dereference) in ip_set_utest() by running a specially crafted sequence of system calls in a container.

Vulnerability id: PSBM-123063
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] ip_set: kernel crash in ip_set_comment_free(). It was discovered that an attacker could trigger a kernel crash (general protection fault) in ip_set_comment_free() by running a specially crafted sequence of system calls in a container.

Vulnerability id: CVE-2021-20265
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Memory leak in the implementation of Unix sockets. It was discovered that the implementation of Unix sockets did not free certain data structures if a signal was received while the unix_stream_recvmsg() function was running. An unprivileged local attacker could exploit this memory leak to cause a denial of service.

Vulnerability id: CVE-2021-3178
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] If a subdirectory of a file system was exported via NFS, an attacker could use the READDIRPLUS operation to access other parts of that file system.
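
A defender-side check for the precondition of CVE-2021-3178 described above, as an added example that is not part of the Virtuozzo advisory: it lists NFS exports that are subdirectories of a file system rather than a file system root, together with the file system they belong to. The function names and the sample exports are constructed for illustration.

```python
import os
import shlex

# Constructed sample in exports(5) syntax; not taken from any real host.
SAMPLE_EXPORTS = """\
# constructed sample
/srv/data            192.0.2.0/24(rw,sync)
/srv/data/projects   198.51.100.7(ro) \\
                     198.51.100.8(ro)
"/srv/backup/vm images"  *(ro)   # quoted path containing a space
/                    203.0.113.5(ro)
"""

def exported_paths(exports_text):
    """Return the export path of every entry in exports(5)-style text."""
    joined = exports_text.replace("\\\n", " ")  # backslash-newline continues a line
    paths = []
    for line in joined.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments, honours quotes
        if tokens:
            paths.append(tokens[0])
    return paths

def filesystem_root(path, is_mount=os.path.ismount):
    """Walk up from path to the nearest mount point, the root of its file system.

    Caveat: os.path.ismount() does not detect a bind mount of the same file system.
    """
    path = os.path.normpath(path)
    while path != "/" and not is_mount(path):
        path = os.path.dirname(path)
    return path

def subdirectory_exports(exports_text, is_mount=os.path.ismount):
    """List (export, fs_root) pairs for exports that are not a file system root."""
    findings = []
    for path in exported_paths(exports_text):
        root = filesystem_root(path, is_mount)
        if os.path.normpath(path) != root:
            findings.append((path, root))
    return findings

if __name__ == "__main__":
    # On an NFS server this reads /etc/exports and uses the live mount table.
    source = "/etc/exports"
    text = open(source).read() if os.path.exists(source) else SAMPLE_EXPORTS
    for export, root in subdirectory_exports(text):
        print(f"{export}: subdirectory of the file system mounted at {root}")
```

Each reported pair names an export that matches the condition in the advisory and the file system whose other directories are therefore in scope until the patch is applied.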
