9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.1%
This update provides a new kernel 2.6.32-042stab144.1 for Virtuozzo 6.0. It is based on the RHEL 6.10 kernel 2.6.32-754.29.2.el6 and inherits security and stability fixes from it. The new kernel also provides internal security and stability fixes.
Vulnerability id: CVE-2020-10711
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic.
Vulnerability id: CVE-2019-17666
kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow.
Vulnerability id: CVE-2019-17133
kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c.
Vulnerability id: CVE-2020-11565
kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c.
Vulnerability id: CVE-2020-8648
kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c.
Vulnerability id: CVE-2019-17055
kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
Vulnerability id: CVE-2019-15916
kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service.
Vulnerability id: CVE-2017-1000371
kernel: offset2lib allows for the stack guard page to be jumped over.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Virtuozzo | 6.0 | x86_64 | parallels-server-bm-release | < 6.0.12-3757 | parallels-server-bm-release-6.0.12-3757.x86_64.rpm |
Virtuozzo | 6.0 | x86_64 | vzkernel | < 2.6.32-042stab144.1 | vzkernel-2.6.32-042stab144.1.x86_64.rpm |
Virtuozzo | 6.0 | x86_64 | vzkernel-devel | < 2.6.32-042stab144.1 | vzkernel-devel-2.6.32-042stab144.1.x86_64.rpm |
Virtuozzo | 6.0 | noarch | vzkernel-firmware | < 2.6.32-042stab144.1 | vzkernel-firmware-2.6.32-042stab144.1.noarch.rpm |
Virtuozzo | 6.0 | x86_64 | vzmodules | < 2.6.32-042stab144.1 | vzmodules-2.6.32-042stab144.1.x86_64.rpm |
Virtuozzo | 6.0 | x86_64 | vzmodules-devel | < 2.6.32-042stab144.1 | vzmodules-devel-2.6.32-042stab144.1.x86_64.rpm |
access.redhat.com/errata/RHSA-2020:0790
access.redhat.com/errata/RHSA-2020:1524
access.redhat.com/errata/RHSA-2020:2103
www.redhat.com/security/data/cve/CVE-2017-1000371.html
www.redhat.com/security/data/cve/CVE-2019-15916.html
www.redhat.com/security/data/cve/CVE-2019-17055.html
www.redhat.com/security/data/cve/CVE-2019-17133.html
www.redhat.com/security/data/cve/CVE-2019-17666.html
www.redhat.com/security/data/cve/CVE-2020-10711.html
www.redhat.com/security/data/cve/CVE-2020-11565.html
www.redhat.com/security/data/cve/CVE-2020-8648.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.1%