Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20200115-01-QEMU
HistoryJan 15, 2020 - 12:00 a.m.

Security Advisory - Buffer Overflow Vulnerability in QEMU-KVM

2020-01-1500:00:00
Huawei Technologies
www.huawei.com
67

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.4%

There is a buffer overflow vulnerability in the vhost module of QEMU-KVM. During the hot migration of the target VM, an attacker with guest user account may send descriptors with invalid length to the affected host to exploit this vulnerability. Successfully exploited may cause the kernel buffer overflow and triggered to VM escape. (Vulnerability ID: HWPSIRT-2019-09112)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-14835.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en

Affected configurations

Vulners
Node
huaweimanageoneMatch6.5.0
OR
huaweimanageoneMatch6.5.0.spc100.b210
OR
huaweimanageoneMatch6.5.1rc1.b060
OR
huaweimanageoneMatch6.5.1rc1.b080
OR
huaweimanageoneMatch6.5.rc2.b050
OR
huaweiimanager_netecoMatchv600r009c00
OR
huaweiimanager_netecoMatchv600r009c10spc200
OR
huaweiimanager_neteco_6000Matchv600r008c10spc300
OR
huaweiimanager_neteco_6000Matchv600r008c20

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.4%