Detections
Analytics

Virtuozzo 7 : readykernel-patch (VZA-2019-074)

high Nessus Plugin ID 133459

Synopsis

The remote Virtuozzo host is missing a security update.

Description

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :

 - [3.10.0-693.17.1.vz7.43.10 to 3.10.0-957.12.2.vz7.96.21] vhost-net: guest to host kernel escape during migration. A buffer overflow vulnerability was found in the networking virtualization functionality (vhost-net) that could be abused during live migration of virtual machines. A privileged guest user may pass descriptors with invalid length to the host when live migration is underway to crash the host kernel or, potentially, escalate their privileges on the host.

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the readykernel patch.

See Also

https://virtuozzosupport.force.com/s/article/VZA-2019-074

https://access.redhat.com/security/vulnerabilities/kernel-vhost

https://bugzilla.redhat.com/show_bug.cgi?id=1750727

http://www.nessus.org/u?c710ce43

http://www.nessus.org/u?ceda4f0c

http://www.nessus.org/u?edcc8fe1

http://www.nessus.org/u?f85a6977

http://www.nessus.org/u?379d6400

http://www.nessus.org/u?e76c0fcc

http://www.nessus.org/u?d19b762a

http://www.nessus.org/u?54ae3570

http://www.nessus.org/u?04dd07ac

http://www.nessus.org/u?2176b0a1

Plugin Details

Severity: High

ID: 133459

File Name: Virtuozzo_VZA-2019-074.nasl

Version: 1.4

Type: local

Published: 2/4/2020

Updated: 3/28/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-14835

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:virtuozzo:virtuozzo:readykernel, cpe:/o:virtuozzo:virtuozzo:7

Required KB Items: Host/local_checks_enabled, Host/Virtuozzo/release, Host/Virtuozzo/rpm-list, Host/readykernel-info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/23/2019

Reference Information

CVE: CVE-2019-14835