Test ID:	1.3.6.1.4.1.25623.1.1.2.2019.1255
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1255)
Summary:	The remote host is missing an update for the Huawei EulerOS 'kvm' package(s) announced via the EulerOS-SA-2019-1255 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'kvm' package(s) announced via the EulerOS-SA-2019-1255 advisory. Vulnerability Insight: A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system.(CVE-2019-6974) Affected Software/OS: 'kvm' package(s) on Huawei EulerOS Virtualization 2.5.3. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-6974 BugTraq ID: 107127 http://www.securityfocus.com/bid/107127 https://www.exploit-db.com/exploits/46388/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9 https://bugs.chromium.org/p/project-zero/issues/detail?id=1765 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html RedHat Security Advisories: RHBA-2019:0959 https://access.redhat.com/errata/RHBA-2019:0959 RedHat Security Advisories: RHSA-2019:0818 https://access.redhat.com/errata/RHSA-2019:0818 RedHat Security Advisories: RHSA-2019:0833 https://access.redhat.com/errata/RHSA-2019:0833 RedHat Security Advisories: RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809 RedHat Security Advisories: RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967 RedHat Security Advisories: RHSA-2020:0103 https://access.redhat.com/errata/RHSA-2020:0103 https://usn.ubuntu.com/3930-1/ https://usn.ubuntu.com/3930-2/ https://usn.ubuntu.com/3931-1/ https://usn.ubuntu.com/3931-2/ https://usn.ubuntu.com/3932-1/ https://usn.ubuntu.com/3932-2/ https://usn.ubuntu.com/3933-1/ https://usn.ubuntu.com/3933-2/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.