oss-sec mailing list archives
Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
From: bo Zhang <zhangbo5891001 () gmail com>
Date: Wed, 9 Oct 2019 10:56:15 +0800
Hi, Tina

This vulnerability is a kernel vul and different versions of Qemu should not affect the reproduction. Try the following steps:

1. The guest kernel patch is for this version: Ubuntu-hwe-4.15.0-50.54_16.04.1 (https://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/tree/drivers/virtio/virtio_ring.c?h=Ubuntu-hwe-4.15.0-50.54_16.04.1). If you use a different kernel version, the patch may need to be modified slightly. The patch makes the guest kernel create an invalid descriptor table, and the echo command is just to trigger the bug through a kernel variable.
2. Ubuntu had released the patched kernel; the host kernel you used should not be patched (< 5.2.x) for reproducing the vulnerability.

Thanks!
cradmin of Tencent Blade Team
Current thread:
- Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow Tina Li (Oct 03)
- Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow bo Zhang (Oct 09)