10 vulnerabilities in the Xen hypervisor

Information has been published about 10 vulnerabilities in the Xen hypervisor. Five of them (CVE-2019-17341, CVE-2019-17342, CVE-2019-17340, CVE-2019-17346, CVE-2019-17343) potentially allow escaping the current guest environment and escalating privileges. One vulnerability (CVE-2019-17347) allows an unprivileged process to take control of the processes of other users in the same guest system. The remaining four (CVE-2019-17344, CVE-2019-17345, CVE-2019-17348, CVE-2019-17351) can cause a denial of service (a crash of the guest environment). The issues are fixed in the Xen 4.12.1, 4.11.2 and 4.10.4 releases.

  • CVE-2019-17341 - The ability to gain access at the hypervisor level from a guest system controlled by an attacker. The problem occurs only on x86 systems and can be triggered from guests running in paravirtualization (PV) mode by passing a new PCI device through to a running guest. Guests running in HVM and PVH modes are not affected;
  • CVE-2019-17340 - A memory leak that potentially allows privilege escalation or access to data from other guest systems. The problem occurs only on hosts with more than 16TB of RAM on 64-bit systems and 168GB on 32-bit systems. The vulnerability can be exploited only from guest systems in PV mode (in HVM and PVH modes, when working through libxl, the vulnerability does not manifest itself);
  • CVE-2019-17346 - A vulnerability in the use of PCID (Process Context Identifiers) to improve the performance of the protection against Meltdown attacks allows access to data from other systems and potentially allows privilege escalation. The vulnerability can be exploited only from guest systems in PV mode on x86 systems (the problem does not appear in HVM and PVH modes, nor in configurations that have no guests with PCID enabled (PCID is enabled by default));
  • CVE-2019-17342 - A problem in the implementation of the XENMEM_exchange hypercall allows privilege escalation in environments with only one guest system. The vulnerability can be exploited only from guest systems in PV mode (the vulnerability does not appear in HVM and PVH modes);
  • CVE-2019-17343 - An incorrect mapping in the IOMMU makes it possible, if the guest system has access to a physical device, to use DMA to change its own memory page table and gain access at the host level. The vulnerability manifests itself only in guest systems in PV mode that have rights to pass through PCI devices.
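The preconditions listed above can be turned into a quick triage check for an inventory of hosts and guests. The following is an added example, not code from the Xen project or the original article; the dictionary layouts and sample inventory are hypothetical, and the 16TB/168GB limits are interpreted as binary units.

```python
import re

# First fixed point release per branch, as listed in the article.
FIXED = {(4, 12): 1, (4, 11): 2, (4, 10): 4}
GB, TB = 1024 ** 3, 1024 ** 4

def xen_patched(version):
    """True/False for branches the article names; None for any other branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Xen version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return None if fixed is None else patch >= fixed

def exposed_cves(host, guest):
    """Guest-escape CVEs whose preconditions from the article hold for one guest.

    host:  {"xen": str, "arch": "x86"|"arm", "bits": 32|64, "ram": bytes}
    guest: {"type": "pv"|"hvm"|"pvh", "pci_passthrough": bool, "pcid": bool}
    These dictionary layouts are hypothetical, not a Xen or libxl format.
    """
    # Unlisted branches are treated as unfixed: a conservative assumption.
    if xen_patched(host["xen"]) is True or guest["type"] != "pv":
        return []                      # all five are reachable from PV guests only
    x86 = host["arch"] == "x86"
    big_ram = host["ram"] > (16 * TB if host["bits"] == 64 else 168 * GB)
    passthrough = guest.get("pci_passthrough", False)
    checks = {
        "CVE-2019-17340": big_ram,
        "CVE-2019-17341": x86 and passthrough,
        "CVE-2019-17342": True,
        "CVE-2019-17343": passthrough,
        "CVE-2019-17346": x86 and guest.get("pcid", True),  # PCID is on by default
    }
    return sorted(cve for cve, applies in checks.items() if applies)

# Constructed sample inventory, not real hosts.
HOST_OLD = {"xen": "4.11.1", "arch": "x86", "bits": 64, "ram": 512 * GB}
HOST_NEW = dict(HOST_OLD, xen="4.11.2")
PV_PASSTHROUGH = {"type": "pv", "pci_passthrough": True, "pcid": True}
HVM_GUEST = {"type": "hvm", "pci_passthrough": True, "pcid": True}

if __name__ == "__main__":
    for host in (HOST_OLD, HOST_NEW):
        for guest in (PV_PASSTHROUGH, HVM_GUEST):
            print(host["xen"], guest["type"], exposed_cves(host, guest))
```

An empty result only means none of the five guest-escape conditions described here apply; the other five CVEs in the article are not modelled.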

Source: opennet.ru
