9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
49.2%
This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab120.11 based on the Red Hat Enterprise Linux 6.8 kernel 2.6.32-642.6.1.el6. The new kernel provides security and stability fixes.
Vulnerability id: CVE-2016-1583
Stack overflow via ecryptfs and /proc/$pid/environ. It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.
Vulnerability id: CVE-2016-6828
Use after free in tcp_xmit_retransmit_queue. A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.
Vulnerability id: CVE-2016-7910
block: fix use-after-free in seq file. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
Vulnerability id: CVE-2016-7911
block: fix use-after-free in sys_ioprio_get(). Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Virtuozzo | 6.0 | x86_64 | parallels-server-bm-release | < 6.0.11-3488 | parallels-server-bm-release-6.0.11-3488.x86_64.rpm |
Virtuozzo | 6.0 | x86_64 | vzkernel | < 2.6.32-042stab120.11 | vzkernel-2.6.32-042stab120.11.x86_64.rpm |
Virtuozzo | 6.0 | x86_64 | vzkernel-devel | < 2.6.32-042stab120.11 | vzkernel-devel-2.6.32-042stab120.11.x86_64.rpm |
Virtuozzo | 6.0 | noarch | vzkernel-firmware | < 2.6.32-042stab120.11 | vzkernel-firmware-2.6.32-042stab120.11.noarch.rpm |
Virtuozzo | 6.0 | x86_64 | vzmodules | < 2.6.32-042stab120.11 | vzmodules-2.6.32-042stab120.11.x86_64.rpm |
Virtuozzo | 6.0 | x86_64 | vzmodules-devel | < 2.6.32-042stab120.11 | vzmodules-devel-2.6.32-042stab120.11.x86_64.rpm |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
49.2%