Lucene search

K
virtuozzoVirtuozzoVZA-2023-004
HistoryMar 01, 2023 - 12:00 a.m.

[Important] [Security] Virtuozzo ReadyKernel Patch 154.2 for Virtuozzo Hybrid Server 7.5

2023-03-0100:00:00
docs.virtuozzo.com
94
virtuozzo hybrid server
security patch
cve-2022-2588
cve-2022-2639
cve-2022-3524
cve-2022-3566
psbm-145324
unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.8%

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5.
Vulnerability id: CVE-2022-2588
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Use-after-free in the cls_route filter.

Vulnerability id: CVE-2022-2639
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] openvswitch: integer underflow leads to an out-of-bounds write.

Vulnerability id: CVE-2022-3524
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Memory leak in ipv6_renew_options.

Vulnerability id: CVE-2022-3566
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Data races around the icsk->icsk_af_ops pointer.

Vulnerability id: PSBM-145324
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Fix device_rename for containers.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.8%