SB20230808136 - SUSE update for qemu

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2861)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in the 9p passthrough filesystem (9pfs) implementation in QEMU. A local user can escape from the exported 9p tree by creating and opening a device file in the shared folder.

2) Infinite loop (CVE-ID: CVE-2023-3255)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the vnc_client_cut_text_ext function in ui/vnc-clipboard.c. A remote authenticated client who is able to send a clipboard to the QEMU built-in VNC server can perform a denial of service conditions.

3) Reachable Assertion (CVE-ID: CVE-2023-3301)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion. When a peer nic is still attached to the vdpa backend, it is too early to free up the vhost-net and vdpa structures. If these structures are freed here, then QEMU crashes when the guest is being shut down.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2023/suse-su-20233234-1/