SB2024043004 - Red Hat Enterprise Linux 9 update for qemu-kvm

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024043004

SB2024043004 - Red Hat Enterprise Linux 9 update for qemu-kvm

Published: April 30, 2024

Security Bulletin ID SB2024043004
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2023-3019)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the e1000e_write_packet_to_guest() function in the e1000e NIC emulation code in QEMU. A local user can trigger DMA reentrancy and crash the QEMU process on the host.


2) Infinite loop (CVE-ID: CVE-2023-3255)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the vnc_client_cut_text_ext function in ui/vnc-clipboard.c. A remote authenticated client who is able to send a clipboard to the QEMU built-in VNC server can perform a denial of service conditions.


3) Improper synchronization (CVE-ID: CVE-2023-5088)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper synchronization, which causes guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead. An L2 guest with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor can read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.


4) NULL pointer dereference (CVE-ID: CVE-2023-6683)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing ClientCutText messages within the QEMU built-in VNC server. A remote authenticated VNC client can pass specially crafted data to the application and perform a denial of service (DoS) attack.


5) Division by zero (CVE-ID: CVE-2023-42467)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a division by zero error within the scsi_disk_reset() function in hw/scsi/scsi-disk.c. A local user can pass specially crafted data to the application and crash it.


Remediation

Install update from vendor's website.

References