I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > 10 ubungozi ku-Xen hypervisor

10 ubungozi ku-Xen hypervisor

Ishicilelwe ulwazi mayelana nokukhubazeka okungu-10 ku-Xen hypervisor, okuyisihlanu (I-CVE-2019-17341, I-CVE-2019-17342, I-CVE-2019-17340, I-CVE-2019-17346, I-CVE-2019-17343) okungase kukuvumela ukuthi udlulele ngale kwemvelo yesivakashi yamanje futhi wandise amalungelo akho, ukuba sengozini okukodwa (CVE-2019-17347) kuvumela inqubo engenalungelo ukuthola ukulawula izinqubo zabanye abasebenzisi ohlelweni olufanayo lwezivakashi, abane abasele (CVE- 2019-17344, CVE- 2019-17345, CVE-2019-17348, CVE-2019-17351) ubungozi bungabangela ukwenqatshwa kwesevisi (ukuwa kwemvelo yomsingathi). Izinkinga zilungisiwe ekukhishweni Xen 4.12.1, 4.11.2 kanye no-4.10.4.

  • I-CVE-2019-17341 β€” ikhono lokufinyelela ezingeni le-hypervisor kusuka kusistimu yesivakashi elawulwa umhlaseli. Inkinga ibonakala kuphela kumasistimu e-x86 futhi ingabangelwa izihambeli ezisebenzisa imodi ye-paravirotualization (PV) uma idivayisi ye-PCI entsha ishuthekwa kusistimu yesivakashi esebenzayo. Ukuba sengozini akuveli kumasistimu wezihambeli asebenza ngamamodi e-HVM ne-PVH;
  • I-CVE-2019-17340 - ukuvuza kwenkumbulo, okungase kukuvumela ukuthi ukhuphule amalungelo akho noma uthole ukufinyelela kudatha evela kwamanye amasistimu wezihambeli.
    Inkinga ibonakala kuphela kubasingathi abane-RAM engaphezu kwe-16 TB kumasistimu we-64-bit kanye ne-168 GB kumasistimu we-32-bit.
    Ukuba sengozini kungase kusetshenziswe kuphela ezinhlelweni zesivakashi kumodi ye-PV (ukuba sengozini akuveli kumamodi e-HVM ne-PVH uma usebenza nge-libxl);

  • I-CVE-2019-17346 - Ukuba sengozini lapho usebenzisa i-PCID (Izihlonzi Zokuqukethwe Kwenqubo) ukuthuthukisa ukusebenza kokuvikela ekuhlaselweni
    I-Meltdown ikuvumela ukuthi ufinyelele idatha evela kwezinye izihambeli futhi ukhulise amalungelo akho. Ukuba sengozini kungaxhashazwa kuphela kubavakashi kumodi ye-PV kumasistimu e-x86 (inkinga ayenzeki kumamodi e-HVM ne-PVH, kanye nasezilungiselelweni ezingenazo izihambeli ezine-PCID enikwe amandla (i-PCID inikwe amandla ngokuzenzakalela));

  • I-CVE-2019-17342 - inkinga ekusetshenzisweni kwe-XENMEM_exchange hypercall ikuvumela ukuthi ukhulise amalungelo akho ezindaweni ezinohlelo olulodwa lwezivakashi. Ukuba sengozini kungasetshenziswa kuphela ezinhlelweni zesivakashi kumodi ye-PV (ukuba sengozini akuveli kumamodi e-HVM ne-PVH);
  • I-CVE-2019-17343 β€” ukwenza imephu engalungile ku-IOMMU kwenza kube nokwenzeka, uma kukhona ukufinyelela kusuka kusistimu yesivakashi kuya kudivayisi ephathekayo, ukusebenzisa i-DMA ukuze uguqule ithebula layo lememori yekhasi futhi uthole ukufinyelela ezingeni lokusingatha. Ukuba sengozini kuvela kuphela kumasistimu wesivakashi kumodi ye-PV uma sinamalungelo okudlulisela phambili amadivayisi e-PCI.

Source: opennet.ru

Engeza amazwana