ALT-PU-2023-4832-1

Обновление пакета qemu в ветке sisyphus_riscv64

Версия8.0.3-alt0.1.rv64

Задание#0

Опубликовано2023-08-09

Макс. серьёзностьHIGH

Серьёзность:

Закрытые проблемы (3)

MEDIUM6.0

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Опубликовано: 2023-03-06Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 6.0

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Ссылки

HIGH7.1

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Опубликовано: 2023-12-06Изменено: 2024-11-21

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Ссылки

MEDIUM5.6

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

Опубликовано: 2023-09-13Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 5.6

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Ссылки