ALT Linux Team

Package qemu update in sisyphus on 2024-03-04

ALT-PU-2024-3359-1

Package qemu updated to version 8.2.1-alt1 for branch sisyphus in task 341883.

Closed vulnerabilities

Published: 2023-01-16

BDU:2023-04834

Уязвимость компонента lsi53c895a.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.0) Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2023-12-16

BDU:2024-00308

Уязвимость функции qemu_clipboard_request() встроенного сервера VNC эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-03-07
Modified: 2024-11-21

CVE-2023-0330

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Severity: MEDIUM (6.0) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2024-01-12
Modified: 2024-11-21

CVE-2023-6683

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top