5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
39.6%
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo 7.0 kernels 3.10.0-514.16.1.vz7.30.10 (7.0.4), 3.10.0-514.16.1.vz7.30.15 (7.0.4 HF3), 3.10.0-514.26.1.vz7.33.22 (7.0.5), 3.10.0-693.1.1.vz7.37.30 (7.0.6), 3.10.0-693.11.6.vz7.40.4 (7.0.6 HF3), and 3.10.0-693.17.1.vz7.43.10 (7.0.7).
Vulnerability id: CVE-2018-1120
By mmap()ing a FUSE-backed file onto a process’s memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-54.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-54.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-54.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-54.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-54.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-54.0-1.vl7/
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
39.6%