VirtuozzoVZA-2023-018[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Hybrid Server 7.5
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.1%
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5.
Vulnerability id: PSBM-147036
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Partial fix to prevent memory leak for some cases in the cgroup subsystem.
Vulnerability id: RK-337
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the packet family socket in prb_retire_rx_blk_timer_expired().
Vulnerability id: CVE-2023-0458
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel data leak via spectre-like ‘gadget.’
Vulnerability id: CVE-2023-2124
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel crash on mount invalid XFS image.
Vulnerability id: CVE-2023-2162
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the iSCSI driver.
Vulnerability id: CVE-2023-31436
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Out-of-bound memory access in the QFQ network packet scheduler.
Vulnerability id: CVE-2023-2513
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in ext4 setfattr.
Vulnerability id: CVE-2023-30456
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Missed the CR0 and CR4 register checks in KVM subsystem.
Vulnerability id: CVE-2023-1074
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A memory leak in the SCTP socket error path.
Vulnerability id: CVE-2023-3212
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Invalid memory access on mount invalid GFS2 image.
Vulnerability id: CVE-2021-3640
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free while connecting Bluetooth.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Virtuozzo Hybrid Server | 7.5 | x86_64 | readykernel-patch-191.4 | < 157.3-1.vl7 | readykernel-patch-191.4-157.3-1.vl7.x86_64.rpm |
| Virtuozzo Hybrid Server | 7.5 | x86_64 | readykernel-patch-185.3 | < 157.3-1.vl7 | readykernel-patch-185.3-157.3-1.vl7.x86_64.rpm |
| Virtuozzo Hybrid Server | 7.5 | x86_64 | readykernel-patch-183.5 | < 157.3-1.vl7 | readykernel-patch-183.5-157.3-1.vl7.x86_64.rpm |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.1%