Описание
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qemu | unfixed | package | ||
| qemu | no-dsa | trixie | package | |
| qemu | no-dsa | bookworm | package | |
| qemu | postponed | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2292089
https://www.zerodayinitiative.com/advisories/ZDI-24-1382/
https://gitlab.com/qemu-project/qemu/-/issues/3090
EPSS
Связанные уязвимости
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
Уязвимость реализации виртуального адаптера хост-шины LSI53C895A SCSI эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS