Main Vulnerability Database SB20250328160

SB20250328160 - Anolis OS update for virt:an module

Published: March 28, 2025

Security Bulletin ID SB20250328160

Severity

Medium

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Infinite loop (CVE-ID: CVE-2023-3255)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the vnc_client_cut_text_ext function in ui/vnc-clipboard.c. A remote authenticated client who is able to send a clipboard to the QEMU built-in VNC server can perform a denial of service conditions.

2) Improper synchronization (CVE-ID: CVE-2023-5088)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper synchronization, which causes guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead. An L2 guest with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor can read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.

3) NULL pointer dereference (CVE-ID: CVE-2023-6683)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing ClientCutText messages within the QEMU built-in VNC server. A remote authenticated VNC client can pass specially crafted data to the application and perform a denial of service (DoS) attack.

4) Stack-based buffer overflow (CVE-ID: CVE-2023-6693)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when flushing TX in the virtio_net_flush_tx() function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. A local user can trigger a stack based buffer overflow and execute arbitrary code on the system.

5) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-2494)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled memory allocation within the g_new0() function. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2024:0471

Vulnerable Software

Anolis OS: 8
libnbd-bash-completion: before 1.6.0-5.0.2
qemu-user-static: before 6.2.0-49.0.1
qemu-kvm-ui-spice: before 6.2.0-49.0.1
qemu-kvm-ui-opengl: before 6.2.0-49.0.1
qemu-kvm-hw-usbredir: before 6.2.0-49.0.1
qemu-kvm-block-gluster: before 6.2.0-49.0.1
qemu-kvm-tests: before 6.2.0-49.0.1
qemu-kvm-docs: before 6.2.0-49.0.1
qemu-kvm-core: before 6.2.0-49.0.1
qemu-kvm-common: before 6.2.0-49.0.1
qemu-kvm-block-ssh: before 6.2.0-49.0.1
qemu-kvm-block-rbd: before 6.2.0-49.0.1
qemu-kvm-block-iscsi: before 6.2.0-49.0.1
qemu-kvm-block-curl: before 6.2.0-49.0.1
qemu-kvm: before 6.2.0-49.0.1
qemu-img: before 6.2.0-49.0.1
qemu-guest-agent: before 6.2.0-49.0.1
python3-libnbd: before 1.6.0-5.0.2
ocaml-libnbd-devel: before 1.6.0-5.0.2
ocaml-libnbd: before 1.6.0-5.0.2
netcf-libs: before 0.2.8-12.0.1
netcf-devel: before 0.2.8-12.0.1
netcf: before 0.2.8-12.0.1
nbdfuse: before 1.6.0-5.0.2
libvirt-wireshark: before 8.0.0-23.1.0.1
libvirt-nss: before 8.0.0-23.1.0.1
libvirt-lock-sanlock: before 8.0.0-23.1.0.1
libvirt-libs: before 8.0.0-23.1.0.1
libvirt-docs: before 8.0.0-23.1.0.1
libvirt-devel: before 8.0.0-23.1.0.1
libvirt-daemon-kvm: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-scsi: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-rbd: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-mpath: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-logical: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-iscsi-direct: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-iscsi: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-gluster: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-disk: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage-core: before 8.0.0-23.1.0.1
libvirt-daemon-driver-storage: before 8.0.0-23.1.0.1
libvirt-daemon-driver-secret: before 8.0.0-23.1.0.1
libvirt-daemon-driver-qemu: before 8.0.0-23.1.0.1
libvirt-daemon-driver-nwfilter: before 8.0.0-23.1.0.1
libvirt-daemon-driver-nodedev: before 8.0.0-23.1.0.1
libvirt-daemon-driver-network: before 8.0.0-23.1.0.1
libvirt-daemon-driver-interface: before 8.0.0-23.1.0.1
libvirt-daemon-config-nwfilter: before 8.0.0-23.1.0.1
libvirt-daemon-config-network: before 8.0.0-23.1.0.1
libvirt-daemon: before 8.0.0-23.1.0.1
libvirt-client: before 8.0.0-23.1.0.1
libvirt: before 8.0.0-23.1.0.1
libnbd-devel: before 1.6.0-5.0.2
libnbd: before 1.6.0-5.0.2
libguestfs-winsupport: before 8.10-1
seavgabios-bin: before 1.16.0-4
seabios-bin: before 1.16.0-4
seabios: before 1.16.0-4
supermin-devel: before 5.2.1-2.0.2
supermin: before 5.2.1-2.0.2
virt-v2v-man-pages-uk: before 1.42.0-22
virt-v2v-man-pages-ja: before 1.42.0-22
virt-v2v-bash-completion: before 1.42.0-22
nbdkit-bash-completion: before 1.24.0-5
virt-v2v: before 1.42.0-22
nbdkit-vddk-plugin: before 1.24.0-5
nbdkit-xz-filter: before 1.24.0-5
nbdkit-tmpdisk-plugin: before 1.24.0-5
nbdkit-tar-plugin: before 1.24.0-5
nbdkit-tar-filter: before 1.24.0-5
nbdkit-ssh-plugin: before 1.24.0-5
nbdkit-server: before 1.24.0-5
nbdkit-python-plugin: before 1.24.0-5
nbdkit-nbd-plugin: before 1.24.0-5
nbdkit-linuxdisk-plugin: before 1.24.0-5
nbdkit-gzip-plugin: before 1.24.0-5
nbdkit-gzip-filter: before 1.24.0-5
nbdkit-example-plugins: before 1.24.0-5
nbdkit-devel: before 1.24.0-5
nbdkit-curl-plugin: before 1.24.0-5
nbdkit-basic-plugins: before 1.24.0-5
nbdkit-basic-filters: before 1.24.0-5
nbdkit: before 1.24.0-5
libtpms-devel: before 0.9.1-2.20211126git1ff6fe1f43
libtpms: before 0.9.1-2.20211126git1ff6fe1f43
libguestfs-tools: before 1.44.0-9.0.1
libguestfs-man-pages-uk: before 1.44.0-9.0.1
libguestfs-man-pages-ja: before 1.44.0-9.0.1
libguestfs-javadoc: before 1.44.0-9.0.1
libguestfs-inspect-icons: before 1.44.0-9.0.1
libguestfs-bash-completion: before 1.44.0-9.0.1
virt-dib: before 1.44.0-9.0.1
swtpm-tools-pkcs11: before 0.7.0-4.20211109gitb79fd91
swtpm-tools: before 0.7.0-4.20211109gitb79fd91
swtpm-libs: before 0.7.0-4.20211109gitb79fd91
swtpm-devel: before 0.7.0-4.20211109gitb79fd91
swtpm: before 0.7.0-4.20211109gitb79fd91
ruby-libguestfs: before 1.44.0-9.0.1
python3-libvirt: before 8.0.0-2
python3-libguestfs: before 1.44.0-9.0.1
perl-Sys-Guestfs: before 1.44.0-9.0.1
ocaml-libguestfs-devel: before 1.44.0-9.0.1
ocaml-libguestfs: before 1.44.0-9.0.1
lua-guestfs: before 1.44.0-9.0.1
libguestfs-xfs: before 1.44.0-9.0.1
libguestfs-tools-c: before 1.44.0-9.0.1
libguestfs-rsync: before 1.44.0-9.0.1
libguestfs-rescue: before 1.44.0-9.0.1
libguestfs-java-devel: before 1.44.0-9.0.1
libguestfs-java: before 1.44.0-9.0.1
libguestfs-gobject-devel: before 1.44.0-9.0.1
libguestfs-gobject: before 1.44.0-9.0.1
libguestfs-gfs2: before 1.44.0-9.0.1
libguestfs-devel: before 1.44.0-9.0.1
libguestfs-appliance: before 1.44.0-9.0.1
libguestfs: before 1.44.0-9.0.1
ruby-hivex: before 1.3.18-23
python3-hivex: before 1.3.18-23
perl-hivex: before 1.3.18-23
perl-Sys-Virt: before 8.0.0-1
ocaml-hivex-devel: before 1.3.18-23
ocaml-hivex: before 1.3.18-23
hivex-devel: before 1.3.18-23
hivex: before 1.3.18-23
libiscsi-utils: before 1.18.0-8.0.1
libiscsi-devel: before 1.18.0-8.0.1
libiscsi: before 1.18.0-8.0.1
sgabios-bin: before 0.20170427git-3
sgabios: before 0.20170427git-3
libvirt-dbus: before 1.3.0-2

SB20250328160 - Anolis OS update for virt:an module

Breakdown by Severity

Description

Remediation

References

Please verify you're human