All errata/c10f2/ALT-PU-2023-6851-3
ALT-PU-2023-6851-3

Package update qemu in branch c10f2

Version8.0.4-alt1.p10
Task#333298
Published2023-11-13
Max severityHIGH
Severity:

Closed issues (11)

BDU:2023-04834
MEDIUM6.0

Уязвимость компонента lsi53c895a.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-08-21Modified: 2024-11-14
CVSS 3.xMEDIUM 6.0
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:L/AC:L/Au:M/C:N/I:N/A:C
References
BDU:2023-05003
HIGH7.5

Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-08-30Modified: 2025-03-05
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2023-05459
MEDIUM5.7

Уязвимость функции scsi_disk_reset() (hw/scsi/scsi-disk.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-09-12Modified: 2025-03-05
CVSS 3.xMEDIUM 5.7
CVSS:3.x/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 5.5
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2023-0330
MEDIUM6.0

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Published: 2023-03-06Modified: 2024-11-21
CVSS 3.xMEDIUM 6.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
References
CVE-2023-2861
HIGH7.1

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Published: 2023-12-06Modified: 2024-11-21
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
CVE-2023-3180
MEDIUM6.5

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

Published: 2023-08-03Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References
CVE-2023-3255
MEDIUM6.5

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

Published: 2023-09-13Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2023-3301
MEDIUM5.6

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Published: 2023-09-13Modified: 2024-11-21
CVSS 3.xMEDIUM 5.6
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
References
CVE-2023-3354
HIGH7.5

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Published: 2023-07-11Modified: 2024-11-21
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2023-4135
MEDIUM6.5

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

Published: 2023-08-04Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References
CVE-2023-42467
MEDIUM5.5

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

Published: 2023-09-11Modified: 2024-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References