Lucene search

K
virtuozzoVirtuozzoVZA-2021-014
HistoryMar 12, 2021 - 12:00 a.m.

[Security] Virtuozzo ReadyKernel patch 124.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0

2021-03-1200:00:00
help.virtuozzo.com
54

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.4%

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure.
Vulnerability id: PSBM-122965
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] ip_set: null pointer dereference in ip_set_utest(). It was discovered that an attacker could trigger a kernel crash (null pointer dereference) in ip_set_utest() by running a specially crafted sequence of system calls in a container.

Vulnerability id: PSBM-123063
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] ip_set: kernel crash in ip_set_comment_free(). It was discovered that an attacker could trigger a kernel crash (general protection fault) in ip_set_comment_free() by running a specially crafted sequence of system calls in a container.

Vulnerability id: CVE-2021-20265
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Memory leak in the implementation of unix sockets. It was discovered that the implementation of unix sockets did not free certain data structures if a signal was received while unix_stream_recvmsg() function was running. An unprivileged local attacker could exploit this memory leak to cause a denial of service.

Vulnerability id: CVE-2021-3178
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] If a subdirectory of a file system was exported via NFS, an attacker could use READDIRPLUS operation to access other parts of that file system.

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.4%