Red Hat Enterprise Linux 6 and CentOS 6 Receive Important Kernel Security Update
Red Hat Product Security and the CentOS Project have pushed a new Linux kernel security update for the Red Hat Enterprise Linux 6 and CentOS Linux 6 operating system series to fix an important vulnerability.
Rated by Red Hat Product Security as having a security impact of “Important,” the new Linux kernel security patch addresses a buffer overflow flaw (CVE-2019-14835) discovered in the Linux kernel’s vhost (virtual host) functionality, which could allow a privileged guest user to escalate their privileges on the host system by passing descriptors with an invalid length during migration.
“A buffer overflow flaw was found in the way Linux kernel’s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to…”