SB20240611191 - Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel modules
Published: June 11, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2023-3255)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vnc_client_cut_text_ext function in ui/vnc-clipboard.c. A remote authenticated client who is able to send a clipboard to the QEMU built-in VNC server can perform a denial of service conditions.
2) Improper synchronization (CVE-ID: CVE-2023-5088)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper synchronization, which causes guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead. An L2 guest with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor can read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
3) NULL pointer dereference (CVE-ID: CVE-2023-6683)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing ClientCutText messages within the QEMU built-in VNC server. A remote authenticated VNC client can pass specially crafted data to the application and perform a denial of service (DoS) attack.
4) Stack-based buffer overflow (CVE-ID: CVE-2023-6693)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when flushing TX in the virtio_net_flush_tx() function if guest features
VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF
are enabled. A local user can trigger a stack based buffer overflow and execute arbitrary code on the system.
Remediation
Install update from vendor's website.