Lucene search

K
virtuozzoVirtuozzoVZA-2019-076
HistoryOct 01, 2019 - 12:00 a.m.

Kernel security update: Virtuozzo ReadyKernel patch 88.0 for Virtuozzo 7.0.7

2019-10-0100:00:00
help.virtuozzo.com
25

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.018 Low

EPSS

Percentile

88.3%

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernel 3.10.0-693.17.1.vz7.43.10 (Virtuozzo 7.0.7). NOTE: No more patches are planned for this kernel, support for which ends with this update.
Vulnerability id: CVE-2019-11810
megaraid_sas: potential kernel crash due to a NULL pointer dereference in megasas_free_cmds(). A flaw was found in β€˜megaraid_sas’ kernel module. NULL pointer dereference can occur in megasas_free_cmds() function due incorrect error handling in megasas_alloc_cmds(). An attacker could exploit this to trigger a kernel crash.

OSVersionArchitecturePackageVersionFilename
Virtuozzo7.0x86_64readykernel-patch-43.10<Β 88.0-1.vl7readykernel-patch-43.10-88.0-1.vl7.x86_64.rpm

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.018 Low

EPSS

Percentile

88.3%