Kernel security update: Virtuozzo ReadyKernel patch 113.10 for Virtuozzo Hybrid Server 7.0

2020-08-0600:00:00

help.virtuozzo.com

171

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-1062.12.1.vz7.131.10 (Virtuozzo Hybrid Server 7.0.13), 3.10.0-1127.8.2.vz7.151.14 (Virtuozzo Hybrid Server 7.0.14).
Vulnerability id: CVE-2020-0305
[3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1127.8.2.vz7.151.14] Possible use-after-free error due to a race condition in cdev_get(). It was discovered that use-after-free condition was possible in cdev_get() if multiple processes simultaneously accessed a character device in a certain way. A local attacker could potentially exploit this to crash the kernel.

OSVersionArchitecturePackageVersionFilename
Virtuozzo Hybrid Server7.0x86_64readykernel-patch-131.10< 113.10-1.vl7readykernel-patch-131.10-113.10-1.vl7.x86_64.rpm
Virtuozzo Hybrid Server7.0x86_64readykernel-patch-151.14< 113.10-1.vl7readykernel-patch-151.14-113.10-1.vl7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Virtuozzo Hybrid Server	7.0	x86_64	readykernel-patch-131.10	< 113.10-1.vl7	readykernel-patch-131.10-113.10-1.vl7.x86_64.rpm
Virtuozzo Hybrid Server	7.0	x86_64	readykernel-patch-151.14	< 113.10-1.vl7	readykernel-patch-151.14-113.10-1.vl7.x86_64.rpm