ALT-PU-2023-4715-2

BDU:2023-04834

MEDIUM6.0

Уязвимость компонента lsi53c895a.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-08-21Modified: 2024-11-14

CVSS 3.xMEDIUM 6.0

CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:L/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2023-0330

BDU:2023-05459

MEDIUM5.7

Уязвимость функции scsi_disk_reset() (hw/scsi/scsi-disk.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-09-12Modified: 2025-03-05

CVSS 3.xMEDIUM 5.7

CVSS:3.x/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2023-42467

BDU:2024-04418

MEDIUM5.6

Уязвимость интерфейса virtio-net эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-06-07Modified: 2025-08-19

CVSS 3.xMEDIUM 5.6

CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS 2.0LOW 3.8

CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2023-3301

BDU:2024-04483

HIGH7.1

Уязвимость файловой системы сквозного доступа 9p (9pfs) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю обойти существующую политику ограничения доступа

Published: 2024-06-13Modified: 2024-11-14

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:N

References

CVE-2023-2861

CVE-2023-0330

MEDIUM6.0

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Published: 2023-03-06Modified: 2024-11-21

CVSS 3.xMEDIUM 6.0

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

References

CVE-2023-2861

HIGH7.1

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Published: 2023-12-06Modified: 2024-11-21

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

CVE-2023-3301

MEDIUM5.6

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Published: 2023-09-13Modified: 2024-11-21

CVSS 3.xMEDIUM 5.6

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

References

CVE-2023-42467

MEDIUM5.5

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

Published: 2023-09-11Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Package update qemu in branch sisyphus

Closed issues (8)

Уязвимость компонента lsi53c895a.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции scsi_disk_reset() (hw/scsi/scsi-disk.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость интерфейса virtio-net эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.