Important kernel security update: Virtuozzo ReadyKernel patch 87.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0

2019-09-2300:00:00

help.virtuozzo.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

28.6%

JSON

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported kernels of Virtuozzo 7.0 and Virtuozzo Infrastructure Platform.
Vulnerability id: CVE-2019-14835
[3.10.0-693.17.1.vz7.43.10 to 3.10.0-957.12.2.vz7.96.21] vhost-net: guest to host kernel escape during migration. A buffer overflow vulnerability was found in the networking virtualization functionality (vhost-net) that could be abused during live migration of virtual machines. A privileged guest user may pass descriptors with invalid length to the host when live migration is underway to crash the host kernel or, potentially, escalate their privileges on the host.

OSVersionArchitecturePackageVersionFilename
Virtuozzo7.0x86_64readykernel-patch-43.10< 87.0-1.vl7readykernel-patch-43.10-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-46.7< 87.0-1.vl7readykernel-patch-46.7-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-48.2< 87.0-1.vl7readykernel-patch-48.2-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-63.3< 87.0-1.vl7readykernel-patch-63.3-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-64.7< 87.0-1.vl7readykernel-patch-64.7-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-73.24< 87.0-1.vl7readykernel-patch-73.24-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-73.29< 87.0-1.vl7readykernel-patch-73.29-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-85.17< 87.0-1.vl7readykernel-patch-85.17-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-86.2< 87.0-1.vl7readykernel-patch-86.2-87.0-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-96.21< 87.0-1.vl7readykernel-patch-96.21-87.0-1.vl7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Virtuozzo	7.0	x86_64	readykernel-patch-43.10	< 87.0-1.vl7	readykernel-patch-43.10-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-46.7	< 87.0-1.vl7	readykernel-patch-46.7-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-48.2	< 87.0-1.vl7	readykernel-patch-48.2-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-63.3	< 87.0-1.vl7	readykernel-patch-63.3-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-64.7	< 87.0-1.vl7	readykernel-patch-64.7-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-73.24	< 87.0-1.vl7	readykernel-patch-73.24-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-73.29	< 87.0-1.vl7	readykernel-patch-73.29-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-85.17	< 87.0-1.vl7	readykernel-patch-85.17-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-86.2	< 87.0-1.vl7	readykernel-patch-86.2-87.0-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-96.21	< 87.0-1.vl7	readykernel-patch-96.21-87.0-1.vl7.x86_64.rpm