Advisory ID: KYLIN-2020-15852
Severity: Medium
Product: Kylin V3
Release date: July 16, 2020
CVE: CVE-2020-15852
CVSS3 score: 7.0
Overview:
The vulnerability can only be exploited in domains which have been granted access to IO ports by Xen. This is typically only the hardware domain, and PV guests configured with PCI passthrough. x86 HVM/PVH guests are not affected by this flaw.
Description:
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
System versions:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.4.x
KYLIN 3.4.x
Affected packages:
kernel
kernel
kernel
kernel-alt
kernel-rt
kernel
kernel-rt