CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.9 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.008 Low
Percentile: 81.4%

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.0 and Virtuozzo Infrastructure Platform.
Vulnerability id: CVE-2020-10711
[3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.12.1.vz7.131.10] netlabel: kernel crash (NULL pointer dereference) while processing a specially crafted CIPSO packet. A NULL pointer dereference was found in the implementation of SELinux. The issue occurs while importing the Commercial IP Security Option (CIPSO) protocol category bitmap into the SELinux extensible bitmap. Parsing of a specially crafted CIPSO packet sent by a remote attacker could lead to a kernel crash (remote DoS).
Vulnerability id: CVE-2019-20812
[3.10.0-862.20.2.vz7.73.24 to 3.10.0-1127.8.2.vz7.151.14] af_packet: potential soft lockup in case of certain errors when using TPACKET_V3. It was found that if TPACKET_V3 was used and the kernel failed to obtain certain settings from a relevant network device, the retirement timer could be set incorrectly in the implementation of the AF_PACKET protocol. This could result in soft lockups and excessive CPU usage.
Vulnerability id: CVE-2020-10732
[3.10.0-862.20.2.vz7.73.24 to 3.10.0-1127.8.2.vz7.151.14] Core dumps of some processes could contain uninitialized kernel data. It was discovered that core dumps of userspace processes could contain copies of uninitialized kernel memory areas in certain cases. Although it is difficult for an attacker to control what data is in these areas, this issue, in theory, could be used to obtain sensitive information from the kernel.
Vulnerability id: CVE-2020-10769
[3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.12.1.vz7.131.10] crypto/authenc: kernel crash in crypto_ahash_setkey() when the payload of a key is longer than 4 bytes and is not aligned. An out-of-bounds read was found in the implementation of IPsec cryptographic algorithms (‘authenc’ module). When the payload of a key was longer than 4 bytes but was not properly aligned, the crypto_authenc_extractkeys() function could try to read data from a wrong location. This could lead to a kernel crash in crypto_ahash_setkey().
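To check a host against the bracketed ranges above, the kernel release has to be compared numerically: as plain strings, 3.10.0-862... sorts after 3.10.0-1062.... The following is an added example, not part of the advisory or of Virtuozzo tooling; the function names, the inclusive treatment of both range bounds, and the tolerance for a trailing architecture suffix are assumptions.

```python
import platform
import re

# Affected kernel ranges copied from the advisory text above.
# Assumption: both bounds of each "[low to high]" range are inclusive.
AFFECTED = {
    "CVE-2020-10711": ("3.10.0-862.20.2.vz7.73.24", "3.10.0-1062.12.1.vz7.131.10"),
    "CVE-2019-20812": ("3.10.0-862.20.2.vz7.73.24", "3.10.0-1127.8.2.vz7.151.14"),
    "CVE-2020-10732": ("3.10.0-862.20.2.vz7.73.24", "3.10.0-1127.8.2.vz7.151.14"),
    "CVE-2020-10769": ("3.10.0-862.20.2.vz7.73.24", "3.10.0-1062.12.1.vz7.131.10"),
}

# <kernel>-<rpm release>.vz7.<vz build>; assumption: an optional trailing
# architecture token such as ".x86_64" may follow and is ignored.
_VZ7 = re.compile(
    r"^(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)\.vz7\.(\d+(?:\.\d+)*)(?:\.[A-Za-z_]\w*)?$"
)


def parse_release(release):
    """Split a vz7 kernel release into integer tuples so it orders numerically."""
    m = _VZ7.match(release.strip())
    if m is None:
        raise ValueError(f"not a vz7 kernel release: {release!r}")
    return tuple(tuple(int(n) for n in part.split(".")) for part in m.groups())


def affected_cves(release):
    """Return the CVE ids from this advisory whose range contains `release`."""
    version = parse_release(release)
    return sorted(
        cve for cve, (low, high) in AFFECTED.items()
        if parse_release(low) <= version <= parse_release(high)
    )


if __name__ == "__main__":
    running = platform.release()  # same string as `uname -r`
    try:
        hits = affected_cves(running)
    except ValueError as exc:
        raise SystemExit(str(exc))
    print(running, "->", ", ".join(hits) or "outside the ranges in this advisory")
```

A match only means the booted kernel falls inside a listed range; it does not show whether the ReadyKernel patch has already been applied to that kernel.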
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-20812
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10769
readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-110.0-1.vl7/
readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-110.0-1.vl7/