H3C CAS/UIS all versions
The CAS/UIS R&D team recently announced a high-risk 0-day vulnerability in the QEMU-KVM component (CVE-2020-14364). An attacker inside a guest can use it to crash the virtualization process (QEMU) or, in the worst case, to escape the virtual machine and, through memory shared with the host process, control the host from within the guest.
The vulnerability lies in the hw/usb/core.c source file. Every interaction between the virtual machine's USB host controllers (UHCI, EHCI, xHCI) and the emulated USB devices (usb-tablet, usb-mouse, etc.) passes through the usb_process_one() function in core.c. Its control-transfer handling stores the guest-supplied setup length (the 16-bit wLength field, so up to 0xFFFF) before checking it against the device's 4096-byte data buffer; after a rejected oversize request the following data phase still uses that length, so the guest obtains an out-of-bounds read and write beyond the buffer in the host process's memory. Because CAS/UIS virtual machines are created with a usb-tablet device by default, every current version of CAS and UIS is affected.
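The following is an added illustration of the flaw described above, not code from QEMU or from H3C: a cut-down model of the control-transfer state machine in hw/usb/core.c, with the vulnerable ordering (setup_len stored before the size check) beside the upstream fix (check a local value, store it only when it passes). The struct keeps only the fields the bug touches, the USB_RET_* values are assumed, the guest packets are constructed byte arrays, and the copy routine counts the bytes that would land past data_buf instead of corrupting memory the way the real unchecked copy does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of QEMU's USBDevice control-transfer state, reduced to what
 * CVE-2020-14364 touches. Constants and field names follow QEMU; the
 * numeric USB_RET_* values are assumptions of this example. */
enum { SETUP_STATE_IDLE, SETUP_STATE_SETUP, SETUP_STATE_DATA, SETUP_STATE_ACK };
enum { USB_RET_SUCCESS = 0, USB_RET_STALL = -3 };
#define USB_DIR_IN 0x80

typedef struct {
    int setup_state;
    int setup_len;
    int setup_index;
    uint8_t setup_buf[8];
    uint8_t data_buf[4096];   /* same size as the data_buf in QEMU's USBDevice */
    size_t oob_bytes;         /* model only: bytes QEMU would have written past data_buf */
} USBDevice;

/* Model only: write the in-bounds part and count the overrun instead of
 * performing the unchecked copy that QEMU does. */
static void copy_to_data_buf(USBDevice *s, size_t off, const uint8_t *src, size_t len) {
    size_t in = off < sizeof(s->data_buf) ? sizeof(s->data_buf) - off : 0;
    if (in > len) in = len;
    if (in) memcpy(s->data_buf + off, src, in);
    s->oob_bytes += len - in;
}

/* SETUP stage. fixed == 0: vulnerable ordering, setup_len is stored before the
 * size check, so a stalled oversize request leaves the guest's wLength in the
 * device. fixed == 1: upstream fix, a local value is checked and stored only
 * when it fits. Only host-to-device (OUT) requests are modelled. */
static int do_token_setup(USBDevice *s, const uint8_t setup[8], int fixed) {
    memcpy(s->setup_buf, setup, 8);
    s->setup_index = 0;
    int setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];  /* wLength, 16-bit */
    if (!fixed) s->setup_len = setup_len;
    if (setup_len > (int)sizeof(s->data_buf)) {
        return USB_RET_STALL;   /* vulnerable path returns with setup_len already set */
    }
    s->setup_len = setup_len;
    s->setup_state = (s->setup_len == 0) ? SETUP_STATE_ACK : SETUP_STATE_DATA;
    return USB_RET_SUCCESS;
}

/* DATA stage for an OUT request: copies up to setup_len bytes at
 * data_buf + setup_index, trusting setup_len exactly as the state machine does. */
static int do_token_out(USBDevice *s, const uint8_t *pkt, size_t pkt_size) {
    if (s->setup_state != SETUP_STATE_DATA || (s->setup_buf[0] & USB_DIR_IN))
        return USB_RET_STALL;
    int len = s->setup_len - s->setup_index;
    if (len > (int)pkt_size) len = (int)pkt_size;
    copy_to_data_buf(s, (size_t)s->setup_index, pkt, (size_t)len);
    s->setup_index += len;
    if (s->setup_index >= s->setup_len) s->setup_state = SETUP_STATE_ACK;
    return USB_RET_SUCCESS;
}

/* Build a constructed 8-byte SETUP packet with a guest-chosen wLength. */
static void make_setup(uint8_t buf[8], uint16_t wlength) {
    buf[0] = 0x00;  /* bmRequestType: host-to-device */
    buf[1] = 0x09;  /* bRequest: SET_CONFIGURATION, arbitrary here */
    buf[2] = buf[3] = buf[4] = buf[5] = 0;
    buf[6] = (uint8_t)(wlength & 0xff);
    buf[7] = (uint8_t)(wlength >> 8);
}

/* Guest-side sequence: one valid control transfer to reach the DATA state, one
 * oversize SETUP that stalls, then OUT data packets. Returns how many bytes
 * would be written past the end of data_buf. */
static size_t simulate_attack(int fixed) {
    USBDevice dev;
    uint8_t setup[8];
    static uint8_t payload[1024];          /* constructed guest packet contents */
    memset(&dev, 0, sizeof dev);
    memset(payload, 0x41, sizeof payload);

    make_setup(setup, 64);                 /* legitimate request: setup_state -> DATA */
    do_token_setup(&dev, setup, fixed);
    make_setup(setup, 0xFFFF);             /* oversize wLength: stalls */
    do_token_setup(&dev, setup, fixed);

    while (dev.setup_state == SETUP_STATE_DATA)   /* guest keeps sending OUT data */
        do_token_out(&dev, payload, sizeof payload);
    return dev.oob_bytes;
}

int main(void) {
    printf("vulnerable: %zu bytes written past data_buf\n", simulate_attack(0));
    printf("fixed:      %zu bytes written past data_buf\n", simulate_attack(1));
    return 0;
}
```

With the vulnerable ordering the stalled request leaves setup_len at 65535 while setup_state is still DATA from the earlier valid transfer, so the data phase copies 65535 - 4096 bytes past the buffer; with the fix, setup_len stays at 64 and nothing leaves the buffer. An IN request follows the same path with the copy direction reversed, which is the out-of-bounds read.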
Since the QEMU-KVM escape vulnerability was disclosed, the H3C R&D team has analysed its root cause and studied remediation, and has determined that it is effectively fixed by upgrading to a patched version.
Fixed versions for CAS products:
Sites running a version lower than CAS E0535 must first upgrade to E0535H09 and then apply patch E0535L10.
Versions from CAS E0535 to E0535H09 can apply patch E0535L10 directly.
Sites running a version lower than CAS E0526 must first upgrade to E0526H15 and then apply patch E0526L18.
Versions from E0526 to E0526H15 can apply patch E0526L18 directly.
Detailed patch installation steps are given in the instructions for the corresponding version. Note that the patch only takes effect for a virtual machine once it has been restarted or migrated, because the running QEMU process must be replaced by the patched binary.
Fixed versions for UIS products:
UIS E07XX can be upgraded to UIS E0716H02.
For UIS E06XX there is no fixed version; apply the mitigation below.
1) Delete the USB tablet device that the virtual machine adds by default, on the CVK host, as follows:
Select the virtual machine to modify, right-click it and choose Modify VM.