Linux Kernel Xen Hypervisor实现拒绝服务漏洞

BUGTRAQ ID: 43578 CVE ID: CVE-2010-2938 Linux Kernel是Linux操作系统所使用的内核。 当运行的系统支持无EPT的Intel CPU时，Xen hypervisor实现中存在漏洞。在试图dump有关崩溃的完全虚拟化guest信息时，拥有配置完全虚拟化guest系统权限的用户可以利用这个漏洞导致主机崩溃。 RedHat Enterprise Linux v.5 server RedHat Enterprise Linux Desktop v.5 client 厂商补丁： RedHat ------...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

kernel security and bug fix update

2.6.18-194.17.1.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina Yang orabug...

Researchers Develop Stealth Hypervisor Tool

Researchers at NC State University and IBM have built a prototype security tool that operates in stealth mode to determine the security of a hypervisor so as not to tip off attackers. Read the full article. Dark Reading...

kernel security update

2.6.18-194.11.4.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina Yang orabug...

kernel security update

2.6.9-89.0.29.0.1.EL - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...

Moderate: Red Hat Security Advisory: spice-xpi security and bug fix update

An updated spice-xpi package that fixes two security issues and three bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

CVE-2010-2784

The subpage MMIO initialization functionality in the subpageregister function in exec.c in QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...

CVE-2010-0435

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

CVE-2010-0431

QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or possibly gain privileg...

Null pointer dereference

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

Design/Logic Flaw

The subpage MMIO initialization functionality in the subpageregister function in exec.c in QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...

CVE-2010-2784

The subpage MMIO initialization functionality in the subpageregister function in exec.c in QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...

Design/Logic Flaw

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service guest OS crash ...

CVE-2010-0435

CVE-2010-0435 is a KVM/Hypervisor NULL pointer dereference vulnerability that arises when Intel VT-x is enabled, allowing a privileged guest to crash the host via instruction-emulation vectors. Public advisories (RHBA/RHSA-2010-0622 for RHEL5/RHEV 2.2 and ELSA-2010-0627/ELSA-2010-0627) document h...

CVE-2010-0435

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

CVE-2010-0431

QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or possibly gain privileg...

CVE-2010-0429

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service guest OS crash ...

CVE-2010-0428

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or...

CVE-2010-2784

The subpage MMIO initialization functionality in the subpageregister function in exec.c in QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...