Advisory ID: KYLIN-2019-14835
Severity: Important
Product: Kylin V3
Release date: September 17, 2019
CVE: CVE-2019-14835
CVSS3 score: 7.2
Overview:
Kylin Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Kylin Knowledgebase article: https://access.Kylin.com/security/vulnerabilities/kernel-vhost
Description:
A buffer overflow flaw was found in the Linux kernel, in versions from 2.6.34 to 5.2.x, in the way the vhost functionality that translates virtqueue buffers to IOVs logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.
System versions:
KYLIN 3.3.x
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.4.x
KYLIN 3.4.x
Affected packages:
kernel-alt
kernel
kernel
kernel-3.10.0-1062.1.2.el7
kernel-4.18.0-80.11.2.el8_0
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0