It turns out Linux kernels prior to 3.18 had a vulnerability that allowed an unprivileged user to crash the host. Coincidentally, in September 2014, the problem was resolved in the mainstream Linux kernel by an unrelated commit with ID c06cfb08b88d, titled "KEYS: Remove key_type::match in favor of overriding default by match_preparse". However, since the problem had not been identified as a security vulnerability, Red Hat did not backport the fix into RHEL7, which is based on the earlier 3.10 kernel (and older kernel versions, like the one in RHEL6).
As part of our regular security scanning, which we are deeply committed to at Virtuozzo, our security team discovered the issue in Virtuozzo 7. We contacted Red Hat and confirmed it as a security vulnerability coming from the RHEL7 kernel, assigning the CVE ID CVE-2017-2647. The fix became available to our customers even sooner than in any other Linux distribution, with Virtuozzo Platform users receiving it automatically without a reboot via the ReadyKernel service.
Lesson learned? Scanning for security risks never stops and you never know when new threats can arise.
Don't go it alone!
Keeping your Linux kernel updated and secure is easier than ever with Virtuozzo ReadyKernel. Our team of experts is constantly on the lookout for new vulnerabilities, and if a patch is required, ReadyKernel automates the kernel update for you with zero downtime. This saves you and your team tons of time by eliminating scheduled maintenance and downtime.
Virtuozzo ReadyKernel comes complimentary with the Virtuozzo Platform, and can be purchased for other Linux distributions for just $5 per month per node.