CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
40.7%
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported kernels of Virtuozzo 7.0 and Virtuozzo Infrastructure Platform.
Vulnerability id: CVE-2019-14835
[3.10.0-693.17.1.vz7.43.10 to 3.10.0-957.12.2.vz7.96.21] vhost-net: guest to host kernel escape during migration. A buffer overflow vulnerability was found in the networking virtualization functionality (vhost-net) that could be abused during live migration of virtual machines. A privileged guest user may pass descriptors with invalid length to the host when live migration is underway to crash the host kernel or, potentially, escalate their privileges on the host.
access.redhat.com/security/vulnerabilities/kernel-vhost
bugzilla.redhat.com/show_bug.cgi?id=1750727
readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-87.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-87.0-1.vl7/
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
40.7%