All errata/sisyphus/ALT-PU-2024-1248-3
ALT-PU-2024-1248-3

Package update qemu in branch sisyphus

Version8.2.0-alt1
Task#337487
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (12)

BDU:2022-05840
MEDIUM5.5

Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-09-21Modified: 2023-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
References
BDU:2023-07853
MEDIUM6.4

Уязвимость функции ide_dma_cb() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании

Published: 2023-11-15Modified: 2025-08-19
CVSS 3.xMEDIUM 6.4
CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 5.9
CVSS:2.0/AV:L/AC:H/Au:M/C:C/I:C/A:C
References
BDU:2024-03245
HIGH8.2

Уязвимость функции esp_do_nodma файла hw/scsi/esp.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-04-25Modified: 2025-09-10
CVSS 3.xHIGH 8.2
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2024-04419
MEDIUM6.5

Уязвимость функции inflate_buffer() VNC-сервера QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-06-07Modified: 2025-08-19
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
References
BDU:2024-04883
MEDIUM6.5

Уязвимость компонента e1000e сервера QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-06-28Modified: 2025-08-19
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
References
BDU:2024-04886
MEDIUM5.3

Уязвимость интерфейса virtio-net сервера QEMU, позволяющая нарушителю вызвать утечку информации

Published: 2024-06-28Modified: 2025-08-19
CVSS 3.xMEDIUM 5.3
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:P/A:P
References
CVE-2021-3527
MEDIUM5.5

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

Published: 2021-05-26Modified: 2024-11-21
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2023-3019
MEDIUM6.5

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

Published: 2023-07-24Modified: 2025-11-03
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References
CVE-2023-3255
MEDIUM6.5

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

Published: 2023-09-13Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2023-5088
HIGH7.0

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.

Published: 2023-11-03Modified: 2025-11-03
CVSS 3.xHIGH 7.0
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-6693
MEDIUM5.3

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Published: 2024-01-02Modified: 2025-11-03
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References
CVE-2024-24474
HIGH8.8

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

Published: 2024-02-20Modified: 2025-06-25
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References