VirtuozzoVZA-2023-027[Important] [Security] Virtuozzo ReadyKernel Patch 161.0 for Virtuozzo Hybrid Server 7.5
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
58.3%
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5.
Vulnerability id: PSBM-150027
[3.10.0-1160.53.1.vz7.185.3 to 3.10.0-1160.90.1.vz7.200.7] A race condition in ‘venetdev’ leads to corrupted data in ‘/proc/net/dev.’
Vulnerability id: CVE-2022-0617
[3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference after mounting a special UDF filesystem image.
Vulnerability id: RK-352
[3.10.0-1160.90.1.vz7.200.7] RDMA connection is not stable enough because of a low default retry counter.
Vulnerability id: CVE-2023-3609
[3.10.0-1160.90.1.vz7.200.7] A reference counter leak in an error path for a network packet scheduler.
Vulnerability id: CVE-2023-3776
[3.10.0-1160.90.1.vz7.200.7] A use-after-free in a network packet scheduler.
Vulnerability id: CVE-2023-3772
[3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference in IPsec configuration.
Vulnerability id: CVE-2023-3611
[3.10.0-1160.90.1.vz7.200.7] An invalid memory write in a network packet scheduler.
Vulnerability id: CVE-2023-35788
[3.10.0-1160.90.1.vz7.200.7] An out-of-bounds memory write in a network packet scheduler.
Vulnerability id: CVE-2023-3567
[3.10.0-1160.90.1.vz7.200.7] A use-after-free in a Linux console driver.
Vulnerability id: CVE-2023-3268
[3.10.0-1160.90.1.vz7.200.7] Out-of-bounds memory access during reading relayfs.
Vulnerability id: CVE-2023-1095
[3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference caused by a race during updating nftables.
Vulnerability id: CVE-2022-47929
[3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference in traffic control when assigning classes to noqueue disciplines.
Vulnerability id: CVE-2023-0590
[3.10.0-1160.90.1.vz7.200.7] A use-after-free while changing a network packet scheduler.
Vulnerability id: CVE-2023-3212
[3.10.0-1160.90.1.vz7.200.7] Invalid memory access on mounting an invalid GFS2 image.
Vulnerability id: CVE-2023-1074
[3.10.0-1160.90.1.vz7.200.7] A memory leak in the SCTP socket error path.
Vulnerability id: CVE-2023-30456
[3.10.0-1160.90.1.vz7.200.7] Missed CR0 and CR4 register checks in the KVM subsystem.
Vulnerability id: CVE-2023-2513
[3.10.0-1160.90.1.vz7.200.7] A use-after-free in ‘ext4 setfattr.’
Vulnerability id: CVE-2023-31436
[3.10.0-1160.90.1.vz7.200.7] Out-of-bounds memory access in a QFQ network packet scheduler.
Vulnerability id: CVE-2023-2162
[3.10.0-1160.90.1.vz7.200.7] A use-after-free in an iSCSI driver.
Vulnerability id: CVE-2023-2124
[3.10.0-1160.90.1.vz7.200.7] A kernel crash on mounting an invalid XFS image.
Vulnerability id: CVE-2023-0458
[3.10.0-1160.90.1.vz7.200.7] A kernel data leak via spectre-like ‘gadget.’
Vulnerability id: RK-337
[3.10.0-1160.90.1.vz7.200.7] A use-after-free in a packet family socket in ‘prb_retire_rx_blk_timer_expired().’
Vulnerability id: CVE-2022-29581
[3.10.0-1160.90.1.vz7.200.7] A memory leak in the net queue scheduler cls_u32 error handler.
Vulnerability id: CVE-2022-20141
[3.10.0-1160.90.1.vz7.200.7] A use-after-free when routing an IGMP multicast message.
Vulnerability id: CVE-2023-1838
[3.10.0-1160.90.1.vz7.200.7] A double-free in a net vhost driver error path.
Vulnerability id: CVE-2022-41858
[3.10.0-1160.90.1.vz7.200.7] A null-pointer dereference in a net SLIP driver.
Vulnerability id: CVE-2022-24448
[3.10.0-1160.90.1.vz7.200.7] Handle case where the lookup of a directory but a file exists.
Vulnerability id: CVE-2022-0812
[3.10.0-1160.90.1.vz7.200.7] ‘xprtrdma’ incorrect header size calculations.
Vulnerability id: CVE-2022-4379
[3.10.0-1160.90.1.vz7.200.7] NFSv4.1 double ‘svc_xprt_put’ if ‘rpc_create’ failures.
Vulnerability id: CVE-2022-3545
[3.10.0-1160.90.1.vz7.200.7] A use-after-free in an NFP device driver.
Vulnerability id: CVE-2022-2663
[3.10.0-1160.90.1.vz7.200.7] A netfilter fix in the IRC helper.
Vulnerability id: CVE-2022-3566
[3.10.0-1160.90.1.vz7.200.7] Data races around the ‘icsk->icsk_af_ops’ pointer.
Vulnerability id: CVE-2022-3524
[3.10.0-1160.90.1.vz7.200.7] Memory leak in ‘ipv6_renew_options.’
Vulnerability id: CVE-2022-2639
[3.10.0-1160.90.1.vz7.200.7] An ‘openvswitch: integer’ underflow leads to an out-of-bounds write.
Vulnerability id: CVE-2021-45868
[3.10.0-1160.90.1.vz7.200.7] Quota: check the block number when reading the block in a quota file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Virtuozzo Hybrid Server | 7.5 | x86_64 | readykernel-patch-200.7 | < 161.0-1.vl7 | readykernel-patch-200.7-161.0-1.vl7.x86_64.rpm |
| Virtuozzo Hybrid Server | 7.5 | x86_64 | readykernel-patch-191.4 | < 161.0-1.vl7 | readykernel-patch-191.4-161.0-1.vl7.x86_64.rpm |
| Virtuozzo Hybrid Server | 7.5 | x86_64 | readykernel-patch-185.3 | < 161.0-1.vl7 | readykernel-patch-185.3-161.0-1.vl7.x86_64.rpm |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
58.3%