Lucene search

K
virtuozzoVirtuozzoVZA-2021-017
HistoryApr 05, 2021 - 12:00 a.m.

[Important] [Security] Virtuozzo ReadyKernel patch 125.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0

2021-04-0500:00:00
help.virtuozzo.com
52

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.8%

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure. NOTE: No more ReadyKernel updates are planned for the kernel 3.10.0-957.12.2.vz7.96.21, support for which ends with this update.
Vulnerability id: CVE-2021-27365
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Heap buffer overflow in the iSCSI subsystem. It was discovered that the kernel did not check the size of certain iSCSI-related data structures when presenting them in sysfs. A local unprivileged attacker could exploit this (by sending a specially crafted netlink message) to cause a denial of service (system crash) or possibly execute arbitrary code.

Vulnerability id: CVE-2021-27364
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Out-of-bounds read in the iSCSI subsystem. It was discovered that a local unprivileged attacker could use specially crafted netlink messages to trigger an out-of-bounds read in ‘scsi_transport_iscsi’ module. The kernel could crash as a result.

Vulnerability id: CVE-2021-27363
[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Unrestricted access to sessions and handles in the iSCSI subsystem. It was discovered that the kernel did not properly restrict access to iSCSI sessions and transport handles. A local unprivileged attacker could use this to end arbitrary iSCSI sessions (potentially causing a denial of service) or to expose locations of certain kernel structures.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.8%