Virtuozzo VZA-2021-017
Apr 05, 2021 - 12:00 a.m.

[Important] [Security] Virtuozzo ReadyKernel patch 125.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0

help.virtuozzo.com

EPSS: 0.001 (Low), percentile 39.0%

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure.

NOTE: No more ReadyKernel updates are planned for the kernel 3.10.0-957.12.2.vz7.96.21, support for which ends with this update.

Vulnerability id: CVE-2021-27365
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Heap buffer overflow in the iSCSI subsystem. It was discovered that the kernel did not check the size of certain iSCSI-related data structures when presenting them in sysfs. A local unprivileged attacker could exploit this (by sending a specially crafted netlink message) to cause a denial of service (system crash) or possibly execute arbitrary code.

Vulnerability id: CVE-2021-27364
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Out-of-bounds read in the iSCSI subsystem. It was discovered that a local unprivileged attacker could use specially crafted netlink messages to trigger an out-of-bounds read in the 'scsi_transport_iscsi' module. The kernel could crash as a result.

Vulnerability id: CVE-2021-27363
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Unrestricted access to sessions and handles in the iSCSI subsystem. It was discovered that the kernel did not properly restrict access to iSCSI sessions and transport handles. A local unprivileged attacker could use this to end arbitrary iSCSI sessions (potentially causing a denial of service) or to expose locations of certain kernel structures.
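
A host triage check for the kernel range listed above, added here as an example and not part of the Virtuozzo advisory. The function names are hypothetical, treating the range bounds as inclusive is an assumption, and the script does not detect whether ReadyKernel patch 125.0 is already applied.

```shell
#!/bin/sh
# Added triage example: does this advisory's kernel range apply to a host?
# Bounds are copied from the advisory; inclusive comparison is an assumption.
LOW='3.10.0-957.12.2.vz7.96.21'
HIGH='3.10.0-1127.18.2.vz7.163.46'

# ver_le A B: succeed when A <= B in version order (relies on sort -V).
ver_le() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# in_affected_range KERNEL: succeed when LOW <= KERNEL <= HIGH.
in_affected_range() {
    k=${1%.x86_64}                      # drop an arch suffix if one is present
    case "$k" in
        *vz7*) ;;                       # only vz7 kernels are covered
        *) return 1 ;;
    esac
    ver_le "$LOW" "$k" && ver_le "$k" "$HIGH"
}

# iscsi_loaded [FILE]: succeed when scsi_transport_iscsi appears in a
# /proc/modules-style listing (defaults to the live /proc/modules).
iscsi_loaded() {
    grep -q '^scsi_transport_iscsi ' "${1:-/proc/modules}" 2>/dev/null
}

# triage KERNEL [MODULES_FILE]: print a single verdict word.
triage() {
    if ! in_affected_range "$1"; then
        echo "outside-range"
    elif iscsi_loaded "$2"; then
        echo "in-range-module-loaded"
    else
        echo "in-range-module-not-loaded"
    fi
}

triage "$(uname -r)"
```

The "module-not-loaded" verdict only describes the moment of the check and is not a substitute for applying the patch.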