Lucene search

VirtuozzoVZA-2023-018

HistoryJul 06, 2023 - 12:00 a.m.

[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Hybrid Server 7.5

2023-07-0600:00:00

docs.virtuozzo.com

virtuozzo readykernel

patch 157.3

security fixes

virtuozzo hybrid server 7.5

vulnerability psbm-147036

use-after-free

kernel data leak

memory leak

out-of-bound memory access

invalid memory access

kernel crash

spectre-like gadget

bluetooth connection

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

14.2%

JSON

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5.
Vulnerability id: PSBM-147036
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Partial fix to prevent memory leak for some cases in the cgroup subsystem.

Vulnerability id: RK-337
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the packet family socket in prb_retire_rx_blk_timer_expired().

Vulnerability id: CVE-2023-0458
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel data leak via spectre-like ‘gadget.’

Vulnerability id: CVE-2023-2124
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A kernel crash on mount invalid XFS image.

Vulnerability id: CVE-2023-2162
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in the iSCSI driver.

Vulnerability id: CVE-2023-31436
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Out-of-bound memory access in the QFQ network packet scheduler.

Vulnerability id: CVE-2023-2513
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free in ext4 setfattr.

Vulnerability id: CVE-2023-30456
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Missed the CR0 and CR4 register checks in KVM subsystem.

Vulnerability id: CVE-2023-1074
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A memory leak in the SCTP socket error path.

Vulnerability id: CVE-2023-3212
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] Invalid memory access on mount invalid GFS2 image.

Vulnerability id: CVE-2021-3640
[3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4] A use-after-free while connecting Bluetooth.

OSVersionArchitecturePackageVersionFilename
Virtuozzo Hybrid Server7.5x86_64readykernel-patch-191.4< 157.3-1.vl7readykernel-patch-191.4-157.3-1.vl7.x86_64.rpm
Virtuozzo Hybrid Server7.5x86_64readykernel-patch-185.3< 157.3-1.vl7readykernel-patch-185.3-157.3-1.vl7.x86_64.rpm
Virtuozzo Hybrid Server7.5x86_64readykernel-patch-183.5< 157.3-1.vl7readykernel-patch-183.5-157.3-1.vl7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Virtuozzo Hybrid Server	7.5	x86_64	readykernel-patch-191.4	< 157.3-1.vl7	readykernel-patch-191.4-157.3-1.vl7.x86_64.rpm
Virtuozzo Hybrid Server	7.5	x86_64	readykernel-patch-185.3	< 157.3-1.vl7	readykernel-patch-185.3-157.3-1.vl7.x86_64.rpm
Virtuozzo Hybrid Server	7.5	x86_64	readykernel-patch-183.5	< 157.3-1.vl7	readykernel-patch-183.5-157.3-1.vl7.x86_64.rpm