Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Zowopsa 10 mu Xen hypervisor

Zowopsa 10 mu Xen hypervisor

Lofalitsidwa Zambiri zokhudzana ndi zofooka za 10 mu Xen hypervisor, zomwe zisanu (CVE-2019-17341, CVE-2019-17342, CVE-2019-17340, CVE-2019-17346, CVE-2019-17343) zitha kukulolani kuti mutuluke m'malo a alendo omwe ali pano ndikukweza mwayi wanu, chiwopsezo chimodzi (CVE-2019-17347) chimalola njira yopanda mwayi kuti muwongolere machitidwe a ogwiritsa ntchito omwe ali m'gulu lomwelo la alendo, anayi otsalawo (CVE-2019) -17344, CVE- 2019-17345, CVE-2019-17348, CVE-2019-17351) ziwopsezo zingayambitse kukana ntchito (kuwonongeka kwa chilengedwe). Nkhani zokhazikika muzotulutsa Xen 4.12.1, 4.11.2 ndi 4.10.4.

  • CVE-2019-17341 - kuthekera kofikira pamlingo wa hypervisor kuchokera ku dongosolo la alendo lomwe limayendetsedwa ndi wowukirayo. Vutoli limangochitika pamakina a x86 ndipo limatha kuperekedwa kuchokera kwa alendo omwe akuyenda mu paravirotualization (PV) pokankhira chipangizo chatsopano cha PCI kukhala mlendo wothamanga. Alendo omwe akuyenda mumitundu ya HVM ndi PVH samakhudzidwa;
  • CVE-2019-17340 - Kuwonongeka kwa kukumbukira, komwe kungakulole kuti mukweze mwayi wanu kapena kupeza zambiri kuchokera kumakina ena a alendo.
    Vuto limangochitika pa makamu omwe ali ndi 16TB ya RAM pa machitidwe a 64-bit ndi 168GB pa machitidwe a 32-bit.
    Chiwopsezo chingagwiritsidwe ntchito kokha kuchokera ku machitidwe a alendo mu PV mode (mu ma HVM ndi PVH modes, pamene mukugwira ntchito kudzera mu libxl, chiwopsezo sichidziwonetsera chokha);

  • CVE-2019-17346 - Chiwopsezo mukamagwiritsa ntchito PCID (Process Context Identifiers) kuti mupititse patsogolo chitetezo pakuwukiridwa
    Meltdown imakulolani kuti mupeze zambiri kuchokera ku machitidwe ena a alendo ndikukweza mwayi wanu. Chiwopsezocho chikhoza kugwiritsidwa ntchito kokha kuchokera ku machitidwe a alendo mu PV mode pa machitidwe a x86 (vuto silikuwoneka mumitundu ya HVM ndi PVH, komanso m'makonzedwe omwe mulibe alendo omwe ali ndi PCID yothandizidwa (PCID imayatsidwa mwachisawawa));

  • CVE-2019-17342 - vuto pakukhazikitsa XENMEM_exchange hypercall limakupatsani mwayi wokweza mwayi wanu m'malo okhala ndi alendo amodzi okha. Chiwopsezocho chingagwiritsidwe ntchito kokha kuchokera ku machitidwe a alendo mu PV mode (chiwopsezo sichimawonekera mumitundu ya HVM ndi PVH);
  • CVE-2019-17343 - mapu olakwika mu IOMMU amapangitsa kuti zikhale zotheka, ngati pali mwayi wopita ku kachitidwe ka alendo kupita ku chipangizo chakuthupi, kugwiritsa ntchito DMA kusintha tebulo lake latsamba lachikumbukiro ndikupeza mwayi pa mlingo wa alendo. Chiwopsezochi chimadziwonetsera kokha mu machitidwe a alendo mu PV mode ndi ufulu wotumizira zida za PCI.

Source: opennet.ru

Kuwonjezera ndemanga