
Announcement on repairing QEMU-KVM Virtualization escape vulnerability of CAS/UIS

2020-09-27 Published
Author: 孟普

Problem Description

Product Model
H3C CAS

H3C UIS

Affected Versions

H3C CAS/UIS all versions

Vulnerability Description

Recently, the CAS/UIS R&D team announced that the QEMU-KVM component has a high-risk 0-day vulnerability (CVE-2020-14364). An attacker can exploit the vulnerability to forcibly terminate the virtualization process, achieve virtualization escape, and communicate with the host machine through shared memory, thereby gaining control of the host machine from within the virtual machine.

Cause Analysis

The vulnerability exists in the `./hw/usb/core.c` source file. Any interaction between the virtual machine's USB interfaces (such as UHCI, EHCI, xHCI) and USB devices (such as usb-tablet, usb-mouse, etc.) passes through the `usb_process_one` function in `core.c`, which has an out-of-bounds array access that allows reading and writing 0xFFFFFFFF of stack content past the end of the array. Since the CAS/UIS virtual machine comes with a usb-tablet device by default, all current versions of CAS and UIS are affected by this vulnerability.

Circumvention measures/solutions

After the QEMU-KVM virtualization escape vulnerability was disclosed, the H3C R&D team immediately analyzed the cause of the vulnerability and studied repair measures, and determined that the vulnerability can be effectively fixed by upgrading the version.

Fixed versions of the CAS product:

CAS E0526L18

CAS E0535L10

CAS E0708H01

For sites running a version lower than CAS E0535, first upgrade CAS to E0535H09 and then apply the E0535L10 patch.

For versions between CAS E0535 and E0535H09, you can apply the E0535L10 patch directly.

For sites running a version lower than CAS E0526, first upgrade to E0526H15 and then apply the E0526L18 patch.

For versions between E0526 and E0526H15, you can apply the E0526L18 patch directly.

The specific patch procedure is described in the instructions for the corresponding version. Note that the virtual machine must be restarted or migrated for the patch to take effect.

Fixed versions of the UIS product:

For UIS E07XX, you can upgrade to UIS E0716H02.

For UIS E06XX versions, no fixed version is available.

Workarounds:

1. Delete the USB tablet device that is added to the virtual machine by default on the CVK host, using the following method:

Select the virtual machine you want to modify, right-click and choose Modify VM > More > Tablet, then select Delete hardware. A cold restart of the virtual machine is required for the deletion to take effect.

2. An attacker must first gain access to the virtual machine in order to exploit the vulnerability. If the virtual machine must use USB devices for business reasons, it is recommended to strengthen the password complexity of the virtual machine operating system and the CVK host to improve the security of both the virtual machine and the host.
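The following is an added example, not H3C's or this page's own code: one way to check whether a VM definition still contains the default USB tablet that workaround 1 removes, and whether other USB devices remain. It assumes the CVK host exposes VM definitions as libvirt domain XML (for instance from `virsh dumpxml`); the sample XML and the function name `audit_usb_exposure` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a libvirt domain definition (not from a real CAS/UIS host).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>demo-vm</name>
  <devices>
    <controller type='usb' index='0' model='piix3-uhci'/>
    <controller type='usb' index='1' model='ehci'/>
    <input type='tablet' bus='usb'/>
    <input type='mouse' bus='ps2'/>
    <disk type='file' device='disk'><target dev='sda' bus='usb'/></disk>
    <hostdev mode='subsystem' type='usb' managed='yes'/>
  </devices>
</domain>
"""

def audit_usb_exposure(domain_xml: str) -> dict:
    """Summarise the emulated USB devices in one libvirt domain definition."""
    root = ET.fromstring(domain_xml)
    report = {"name": root.findtext("name", default="?"),
              "usb_controllers": [], "usb_inputs": [], "other_usb": []}
    devices = root.find("devices")
    for dev in (devices if devices is not None else []):
        target = dev.find("target")
        if dev.tag == "controller" and dev.get("type") == "usb":
            # model='none' means the USB controller is explicitly disabled.
            if dev.get("model") != "none":
                report["usb_controllers"].append(dev.get("model", "default"))
        elif dev.tag == "input" and dev.get("bus") == "usb":
            report["usb_inputs"].append(dev.get("type"))
        elif dev.tag == "hostdev" and dev.get("type") == "usb":
            report["other_usb"].append("hostdev")
        elif dev.tag == "redirdev" and dev.get("bus") == "usb":
            report["other_usb"].append("redirdev")
        elif dev.tag == "disk" and target is not None and target.get("bus") == "usb":
            report["other_usb"].append("disk")
    # Workaround 1 in the advisory targets the default USB tablet.
    report["has_usb_tablet"] = "tablet" in report["usb_inputs"]
    # Any remaining USB device means workaround 2 (or the patch) still applies.
    report["usb_devices_remain"] = bool(report["usb_inputs"] or report["other_usb"])
    return report

if __name__ == "__main__":
    print(audit_usb_exposure(SAMPLE_DOMAIN_XML))
```

Because the deletion only takes effect after a cold restart, run the check against the definition of the running VM as well as the saved one.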
