SB2024042958 - openEuler 22.03 LTS SP2 update for qemu
Published: April 29, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-0330)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within hw/scsi/lsi53c895a.c in QEMU caused by a DMA-MMIO reentrancy problem. A local privileged user can trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Double free (CVE-ID: CVE-2024-3446)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to a boundary error in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. A malicious guest can trigger a double free error and execute arbitrary code within the context of the QEMU process on the host.
3) Heap-based buffer overflow (CVE-ID: CVE-2024-3447)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the SDHCI device emulation. A malicious guest can set both "s->data_count" and the size of "s->fifo_buffer" to the value of "0x200" to trigger an out-of-bound memory access and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.