The new Linux kernel security update patches a flaw (CVE-2020-2732) discovered by Paulo Bonzini in the KVM (Kernel-based Virtual Machine) implementation for Intel CPUs, which could allow an L2 guest to cause a denial of service, leak sensitive information from the L1 guest or escalate his/her privileges. The kernel update also fixes a vulnerability (CVE-2020-10942) discovered in Linux kernel’s vhost_net driver, which could allow a local attacker with access to /dev/vhost-net to cause a stack corruption by crafting system calls. This could lead to a denial of service (system crash) and even to privilege escalation.
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts