Funtoo Linux issue FL-10353

app-emulation/qemu-6.2.0 - multiple vulnerabilities

    • Issue type: Security Vulnerability
    • Resolution: Fixed
    • Priority: Severe (Users)
    • Always good to update qemu, and these vulns allow a guest/privileged guest to potentially affect the host system, so we want to get this fixed. This is a no-no.

      Found by scanning the system with vulner.

      {
        "id": "CVE-2021-3947",
        "is_known_exploited_vuln": false,
        "description": "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-3947",
          "https://bugzilla.redhat.com/show_bug.cgi?id=2021869",
          "https://security.netapp.com/advisory/ntap-20220318-0003/",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      {
        "id": "CVE-2021-4206",
        "is_known_exploited_vuln": false,
        "description": "A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4206",
          "https://starlabs.sg/advisories/21-4206/",
          "https://bugzilla.redhat.com/show_bug.cgi?id=2036998",
          "https://www.debian.org/security/2022/dsa-5133",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      {
        "id": "CVE-2021-4207",
        "is_known_exploited_vuln": false,
        "description": "A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4207",
          "https://starlabs.sg/advisories/21-4207/",
          "https://bugzilla.redhat.com/show_bug.cgi?id=2036966",
          "https://www.debian.org/security/2022/dsa-5133",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      {
        "id": "CVE-2022-26354",
        "is_known_exploited_vuln": false,
        "description": "A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2022-26354",
          "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf",
          "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html",
          "https://security.netapp.com/advisory/ntap-20220425-0003/",
          "https://www.debian.org/security/2022/dsa-5133",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      {
        "id": "CVE-2022-1050",
        "is_known_exploited_vuln": false,
        "description": "A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2022-1050",
          "https://bugzilla.redhat.com/show_bug.cgi?id=2069625"
        ]
      }
      {
        "id": "CVE-2021-3611",
        "is_known_exploited_vuln": false,
        "description": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-3611",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1973784",
          "https://gitlab.com/qemu-project/qemu/-/issues/542",
          "https://security.netapp.com/advisory/ntap-20220624-0001/",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      {
        "id": "CVE-2022-35414",
        "is_known_exploited_vuln": false,
        "description": "softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2022-35414",
          "https://www.mail-archive.com/qemu-devel@nongnu.org/msg895266.html",
          "https://gitlab.com/qemu-project/qemu/-/issues/1065",
          "https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c",
          "https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148",
          "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa",
          "https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c",
          "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482",
          "https://sick.codes/sick-2022-113"
        ]
      }
      {
        "id": "CVE-2022-26353",
        "is_known_exploited_vuln": false,
        "description": "A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2022-26353",
          "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html",
          "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37",
          "https://security.netapp.com/advisory/ntap-20220425-0003/",
          "https://www.debian.org/security/2022/dsa-5133",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      {
        "id": "CVE-2021-3750",
        "is_known_exploited_vuln": false,
        "description": "A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.",
        "urls": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-3750",
          "https://gitlab.com/qemu-project/qemu/-/issues/556",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1999073",
          "https://gitlab.com/qemu-project/qemu/-/issues/541",
          "https://security.netapp.com/advisory/ntap-20220624-0003/",
          "https://security.gentoo.org/glsa/202208-27"
        ]
      }
      

            coffnix
            mrl5