公告ID: KYLIN-2019-7222
安全等级: 低级
产品: Kylin V3
发布日期: 2019年2月7日
CVE: CVE-2019-7222
CVSS3评分: 2.8
概述:
This issue does not affect the version of the kernel package as shipped with Kylin Enterprise Linux 5, 6, and Kylin Enterprise MRG 2. This issue affects the versions of Linux kernel as shipped with Kylin Enterprise Linux 7. Future kernel updates for Kylin Enterprise Linux 7 may address this issue. Note:- Impact on Kylin Enterprise Linux 7 kernel is limited, as it requires that nested virtualization feature is enabled on a system. Nested Virtualization feature is available only as - Technology Preview. 描述:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. 系统版本:
KYLIN 3.3.x
KYLIN 3.3.x
受影响包列表:
kernel-rt
kernel