QEMU-KVM vhost/vhost_net Guest to Host Kernel Escape Vulnerability - TuxCare
TuxCare Blog News

QEMU-KVM vhost/vhost_net Guest to Host Kernel Escape Vulnerability

September 17, 2019
QEMU

The KernelCare team are following developments for a recently-reported vulnerability involving QEMU-KVM guests running Linux kernels.

The vulnerability was reported by the Blade Team at Tencent, and has been given the registration CVE-2019-14835. It works as follows.

QEMU-KVM virtual instances using the vhost/vhost_net network back end use a kernel buffer to maintain a log of dirty pages. The bounds of this log are not checked by the kernel and can be made to overflow by forcing the virtual machine to migrate.

This can happen when the VM is cloud-hosted and suffers a temporary resource surge or memory leak. This in turn can trigger the cloud hosting vendor to migrate the instance, revealing the contents of the guest’s dirty pages log to the host.

This vulnerability is in all Linux kernels, from 2.6.34 to the most recent. The only known mitigation is to upgrade to the latest 5.3 kernel.

KernelCare are tracking this report and are working on mitigating patches for all supported platforms. They’ll be available today.

Patches Released to Production:

  • Debian 10
  • Debian 8
  • Debian 8-Backports
  • Debian 9
  • OEL 7
  • RHEL 7
  • CentOS 7
  • CentOS 7-Plus
  • PVE 5
  • Ubuntu Bionic
  • Ubuntu Bionic HVE
  • Ubuntu Trusty
  • Ubuntu Trusty LTS Xenial
  • Ubuntu Xenial
  • Ubuntu Xenial LTS Bionic

    Patches Released to the test repository:

  • CentOS 6
  • CentOS 6-Plus
  • OEL 6
  • OpenVZ
  • RHEL 6
  • SL 6

 

Read more about live patching of critical CVEs without a reboot here:


About KernelCare

KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It’s used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at [email protected].

 

TuxCare can help you reduce your risk window to data exfiltration and other cyber security threats.

TALK TO A CYBERSECURITY EXPERT

Expert knowledge of Linux security tips,
live patching education, and Cybersecurity news.

Stay updated with the latest news and announcements from TuxCare.com

Related Articles

The Bugs Behind the Vulnerabilities...

We continue to look at the code issues that cause...

November 14, 2022

Cybersecurity insurance and fine print:...

Catastrophic risks such as natural disasters and indeed cyberattacks require...

June 29, 2022

IT Automation With Live...

In a symphony orchestra, instruments harmonize to create one pleasing...

June 20, 2022

KernelCare ePortal updated – version...

We are pleased to announce that a new updated ePortal version...

June 16, 2022

KernelCare agent update – version...

We are pleased to announce that a new updated KernelCare agent...

June 2, 2022

KernelCare ePortal updated – version...

We are pleased to announce that a new updated ePortal version...

May 26, 2022

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching