10 vulnerabilities in the Xen hypervisor

Details have been published on 10 vulnerabilities in the Xen hypervisor. Five of them (CVE-2019-17341, CVE-2019-17342, CVE-2019-17340, CVE-2019-17346, CVE-2019-17343) may allow an escape from the current guest environment and privilege escalation, one vulnerability (CVE-2019-17347) allows an unprivileged process to gain control over the processes of other users in the same guest system, and the remaining four (CVE-2019-17344, CVE-2019-17345, CVE-2019-17348, CVE-2019-17351) can cause a denial of service (a crash of the host environment). The issues are fixed in Xen releases 4.12.1, 4.11.2 and 4.10.4.

  • CVE-2019-17341 - the ability to gain access at the hypervisor level from a guest system controlled by an attacker. The problem appears only on x86 systems and can be triggered by guests running in paravirtualization (PV) mode when a new PCI device is attached to a running guest system. The vulnerability does not appear in guests running in HVM and PVH modes;
  • CVE-2019-17340 - a memory leak that may allow privilege escalation or access to data from other guest systems.
    The problem appears only on hosts with 16 TB of RAM on 64-bit systems and 168 GB on 32-bit systems.
    The vulnerability can be exploited only from guest systems in PV mode (it does not appear in HVM and PVH modes when working through libxl);

  • CVE-2019-17346 - a vulnerability when using PCID (Process Context Identifiers) to improve the performance of protection against Meltdown attacks.
    It makes it possible to obtain data from other guests and may allow privilege escalation. The vulnerability can be exploited only from guests in PV mode on x86 systems (the problem does not appear in HVM and PVH modes, nor in configurations that have no guests with PCID enabled (PCID is enabled by default));

  • CVE-2019-17342 - a problem in the implementation of the XENMEM_exchange hypercall that allows privilege escalation in environments with only one guest system. The vulnerability can be exploited only from guest systems in PV mode (the problem does not appear in HVM and PVH modes);
  • CVE-2019-17343 - incorrect mapping in the IOMMU makes it possible, when the guest system has access to a physical device, to use DMA to modify its own memory page table and gain access at the host level. The vulnerability appears only in guests in PV mode if they have rights to pass through PCI devices.
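
The fixed releases and PV-mode conditions listed above can be turned into a quick triage check. This is an added example, not code from the article or the Xen project; the guest dictionary keys (`type`, `pcid`, `pci_passthrough`) and the sample `xl info` text are constructed assumptions, and the RAM-size and PCI hot-add conditions are not modelled.

```python
import re

# Fixed point releases named in the article, keyed by release branch.
FIXED = {(4, 12): 1, (4, 11): 2, (4, 10): 4}

# Extra preconditions the article attaches to the PV-only guest-escape CVEs.
# The guest dict keys used here are assumptions made for this example.
PV_ONLY = {
    "CVE-2019-17340": lambda g: True,
    "CVE-2019-17341": lambda g: True,
    "CVE-2019-17342": lambda g: True,
    "CVE-2019-17343": lambda g: g.get("pci_passthrough", False),
    "CVE-2019-17346": lambda g: g.get("pcid", True),  # PCID is on by default
}

# Constructed sample of `xl info` output (not captured from a real host).
SAMPLE = """\
host                   : dom0.example
xen_major              : 4
xen_minor              : 11
xen_extra              : .1
"""

def parse_xl_info(text):
    """Extract (major, minor, patch) from `xl info` style output."""
    fields = dict(re.findall(r"^(xen_\w+)[ \t]*:[ \t]*(\S*)", text, re.M))
    patch = re.match(r"\.?(\d+)", fields.get("xen_extra", ""))
    return (int(fields["xen_major"]), int(fields["xen_minor"]),
            int(patch.group(1)) if patch else 0)

def is_fixed(version):
    """True/False for branches the article names, None when it does not say."""
    major, minor, patch = version
    if (major, minor) not in FIXED:
        return None
    return patch >= FIXED[(major, minor)]

def exposed_cves(version, guest):
    """CVEs from the article's PV-only list whose stated conditions match.

    Branches the article does not mention are treated as unfixed (conservative).
    """
    if is_fixed(version) or guest.get("type") != "pv":
        return []
    return sorted(cve for cve, cond in PV_ONLY.items() if cond(guest))
```
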

Source: opennet.ru
