virtualization
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
virtualization [2015/12/03 11:47] Sona Sarmadi [KVM(Linux kernel)/QEMU] |
virtualization [2016/01/14 12:10] (current) Sona Sarmadi |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== KVM(Linux kernel)/QEMU ==== | + | ==== KVM ==== |
| * git reppo: https://git.opnfv.org/cgit/kvmfornfv/tree | * git reppo: https://git.opnfv.org/cgit/kvmfornfv/tree | ||
| * kernel-git: https://git.opnfv.org/cgit/kvmfornfv/tree/kernel | * kernel-git: https://git.opnfv.org/cgit/kvmfornfv/tree/kernel | ||
| + | * KVM Security Improvements: http://www.linux-kvm.org/images/f/f6/01x02-KVMHardening.pdf | ||
| + | CVE-list: | ||
| + | * [[https://web.nvd.nist.gov/view/vuln/search-results?query=kvm&search_type=all&cves=on|web.nvd.nist.gov]] | ||
| + | * [[https://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/Linux-Linux-Kernel.html |cvedetails.com]](search for kvm) | ||
| + | |||
| + | === CVEs fixed in KVM === | ||
| + | |||
| + | ^ CVE ^ Description ^ Fixed in Arno ^ Fixed in Brahmaputra| | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-8104]] | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | | | | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-5307]] | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | | | | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-4692]] | The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | | | | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239|CVE-2015-0239]] | The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | | | | ||
| + | | | | ||
| + | |||
| + | ==== QEMU ==== | ||
| * Qemu-git: https://git.opnfv.org/cgit/kvmfornfv/tree/qemu | * Qemu-git: https://git.opnfv.org/cgit/kvmfornfv/tree/qemu | ||
| * Qemu-wiki: http://wiki.qemu.org | * Qemu-wiki: http://wiki.qemu.org | ||
| Line 8: | Line 23: | ||
| * CVE-list: https://www.cvedetails.com/vulnerability-list/vendor_id-7506/Qemu.html | * CVE-list: https://www.cvedetails.com/vulnerability-list/vendor_id-7506/Qemu.html | ||
| - | ^ CVE ^ Fixed in master Description ^ Fixed in Arno | | | + | === CVEs fixed in QEMU === |
| - | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-8104]] | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | | | | + | |
| - | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-5307]] | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | | | | + | |
| - | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-4692]] | The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | | | | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| + | ^ CVE ^ Description ^ Fixed in Arno ^ Fixed in Brahmaputra| | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295|CVE-2015-7295]] | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. | | | | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6855|CVE-2015-6855]] | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | | | | ||
| + | | [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2015-5225|CVE-2015-5225]] | Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. | | | | ||
| ==== Xen ==== | ==== Xen ==== | ||
virtualization.1449143255.txt.gz · Last modified: 2015/12/03 11:47 by Sona Sarmadi
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
