漏洞信息
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.
Security Fix(es):
* Quick emulator(Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403)
漏洞危害
On successful exploitation guest user could submit more requests than the virtqueue size permits.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:1585 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论