Lucene search

K
virtuozzoVirtuozzoVZA-2020-010
HistoryJan 31, 2020 - 12:00 a.m.

Important kernel security update: New kernel 2.6.32-042stab142.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

2020-01-3100:00:00
help.virtuozzo.com
223

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%

This update provides a new kernel 2.6.32-042stab142.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. It is based on the RHEL 6.10 kernel 2.6.32-754.27.1.el6 and inherits security and stability fixes from it. The new kernel also provides internal stability fixes.
Vulnerability id: CVE-2019-14821
Kernel: KVM: OOB memory access via mmio ring buffer. This issue is not critical for Virtuozzo Containers for Linux 4.7 or Server Bare Metal 5.0, as these solutions do not use KVM.

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%