公告ID: KYLIN-2020-13754
安全等级: 中等
产品: Kylin V3
发布日期: 2020年6月1日
CVE: CVE-2020-13754
CVSS3评分: 5.0
概述:
None 描述:
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. An out-of-bounds access flaw was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user or process may use this flaw to crash the QEMU process resulting in a denial of service. 系统版本:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
kvm
qemu-kvm
qemu-kvm
qemu-kvm-ma
qemu-kvm-rhev
virt:rhel/qemu-kvm