7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.972 High
EPSS
Percentile
99.8%
The fixes for CVE-2019-11477 and CVE-2019-11478 released in the ReadyKernel patch 82.0 turned out to cause network-related issues. These fixes are removed in this ReadyKernel patch for the kernels 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1) and 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0.10 HF1). Until the issues with the kernel fixes are resolved, you may consider other mitigations for CVE-2019-11477 and CVE-2019-11478, outlined in the referred link: either to disable selective acknowledgments system-wide for TCP connections, or to use iptables to drop connections with an MSS size that may allow to exploit the vulnerability. In addition, the patch fixes a stability issue.
Vulnerability id: PSBM-95718
It was possible that two or more versions of ReadyKernel patches for the same kernel were installed and loaded at the same time. This could lead to kernel crashes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Virtuozzo | 7.0 | x86_64 | readykernel-patch-64.7 | < 82.2-1.vl7 | readykernel-patch-64.7-82.2-1.vl7.x86_64.rpm |
Virtuozzo | 7.0 | x86_64 | readykernel-patch-86.2 | < 82.2-1.vl7 | readykernel-patch-86.2-82.2-1.vl7.x86_64.rpm |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.972 High
EPSS
Percentile
99.8%