Kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 3.0

2019-08-1300:00:00

help.virtuozzo.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-957.12.2.vz7.96.21 (Virtuozzo 7.0.11 and Virtuozzo Infrastructure Platform 3.0).
Vulnerability id: CVE-2018-16871
nfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

OSVersionArchitecturePackageVersionFilename
Virtuozzo7.0x86_64readykernel-patch-96.21< 85.0-1.vl7readykernel-patch-96.21-85.0-1.vl7.x86_64.rpm
Virtuozzo Infrastructure Platform3.0x86_64readykernel-patch-96.21< 85.0-1.vl7readykernel-patch-96.21-85.0-1.vl7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Virtuozzo	7.0	x86_64	readykernel-patch-96.21	< 85.0-1.vl7	readykernel-patch-96.21-85.0-1.vl7.x86_64.rpm
Virtuozzo Infrastructure Platform	3.0	x86_64	readykernel-patch-96.21	< 85.0-1.vl7	readykernel-patch-96.21-85.0-1.vl7.x86_64.rpm