ALT-PU-2023-1507-2

Package update pve-qemu in branch sisyphus

Version: 7.2.0-alt1
Published: 2026-02-04
Max severity: MEDIUM

Closed issues (2)

BDU:2024-07351
MEDIUM 6.5

Vulnerability in the read_erst_record() and write_erst_record() functions of the QEMU hardware emulator that allows an attacker to cause a denial of service

Published: 2024-09-23
Modified: 2024-11-06
CVSS 3.x: MEDIUM 6.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS 2.0: MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2022-4172
MEDIUM 6.5

Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Published: 2022-11-29
Modified: 2025-04-14
CVSS 3.x: MEDIUM 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H