ALT-PU-2023-4832-1

Package update qemu in branch sisyphus_riscv64

Version: 8.0.3-alt0.1.rv64
Task: #0
Published: 2023-08-09
Max severity: HIGH

Closed issues (3)

CVE-2023-2861
HIGH 7.1

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Published: 2023-12-06
Modified: 2024-11-21
CVSS 3.x: HIGH 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2023-3301
MEDIUM 5.6

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Published: 2023-09-13
Modified: 2024-11-21
CVSS 3.x: MEDIUM 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H