10 vulnerabilities in the Xen hypervisor

Information has been published about 10 vulnerabilities in the Xen hypervisor. Five of them (CVE-2019-17341, CVE-2019-17342, CVE-2019-17340, CVE-2019-17346, CVE-2019-17343) potentially allow going beyond the current guest environment and escalating privileges. One vulnerability (CVE-2019-17347) allows an unprivileged process to gain control over the processes of other users in the same guest system. The remaining four (CVE-2019-17344, CVE-2019-17345, CVE-2019-17348, CVE-2019-17351) can cause a denial of service (a crash of the host environment). The issues are fixed in the Xen 4.12.1, 4.11.2 and 4.10.4 releases.

  • CVE-2019-17341 - the ability to gain hypervisor-level access from a guest system controlled by the attacker. The problem appears only on x86 systems and can be triggered by guests running in paravirtualization (PV) mode when a new PCI device is attached to a running guest system. The vulnerability does not appear in guest systems running in HVM and PVH modes;
  • CVE-2019-17340 - a memory leak that potentially allows escalating privileges or gaining access to data in other guest systems. The problem appears only on hosts with more than 16 TB of RAM on 64-bit systems and 168 GB on 32-bit systems. The vulnerability can be exploited only from guest systems in PV mode (it does not appear in HVM and PVH modes when working through libxl);
  • CVE-2019-17346 - a vulnerability in the use of PCID (Process Context Identifiers) to improve the performance of the protection against the Meltdown attack allows access to data from other guests and potentially privilege escalation. The vulnerability can be exploited only from guests in PV mode on x86 systems (the problem does not occur in HVM and PVH modes, or in configurations that have no guests with PCID enabled; PCID is enabled by default);
  • CVE-2019-17342 - a problem in the implementation of the XENMEM_exchange hypercall allows privilege escalation in environments with only one guest system. The vulnerability can be exploited only from guest systems in PV mode (it does not appear in HVM and PVH modes);
  • CVE-2019-17343 - an incorrect mapping in the IOMMU makes it possible, when the guest system has access to a physical device, to use DMA to modify the memory page table and gain host-level access. The vulnerability appears only in guest systems in PV mode if they have rights to pass through PCI devices.
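
The conditions listed above can be turned into an exposure check for a host inventory. The following Python helper is an added example, not code from the original article or from the Xen project; it restates only the fixed releases and preconditions given above, and the inventory field names (`xen_version`, `arch`, `ram_gb`, `type`, `pcid`, `pci_hotplug`, `pci_passthrough`) are assumptions.

```python
import re

# Fixed point releases named in the article, keyed by release branch.
FIXED = {(4, 12): 1, (4, 11): 2, (4, 10): 4}

def patch_status(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for a Xen version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unknown"            # suffixes such as -rc are not judged
    major, minor, patch = map(int, m.groups())
    if (major, minor) not in FIXED:
        return "unknown"            # the article names no fix for this branch
    return "fixed" if patch >= FIXED[(major, minor)] else "vulnerable"

def applicable_cves(host, guests):
    """Return the guest-escape CVEs whose stated preconditions this host meets.

    host and guests are hypothetical inventory dicts (assumed field names).
    An 'unknown' patch status is treated conservatively as not fixed.
    """
    if patch_status(host["xen_version"]) == "fixed":
        return []
    pv = [g for g in guests if g["type"] == "pv"]
    if not pv:
        return []                   # all five are described as PV-only
    x86 = host["arch"].startswith("x86")
    ram_limit_gb = 16 * 1024 if host["arch"].endswith("64") else 168
    hits = set()
    if x86 and any(g.get("pci_hotplug") for g in pv):
        hits.add("CVE-2019-17341")  # PCI device attached to a running PV guest
    if host["ram_gb"] > ram_limit_gb:
        hits.add("CVE-2019-17340")  # only on very large-memory hosts
    if x86 and any(g.get("pcid", True) for g in pv):
        hits.add("CVE-2019-17346")  # PCID is on by default
    if len(guests) == 1:
        hits.add("CVE-2019-17342")  # environments with a single guest
    if any(g.get("pci_passthrough") for g in pv):
        hits.add("CVE-2019-17343")  # PV guest with PCI passthrough rights
    return sorted(hits)
```

A branch for which the article names no fixed release is reported as `unknown` rather than guessed, and such hosts are still evaluated against the preconditions.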

Source: opennet.ru
