Описание
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qemu | fixed | 1:10.2.1+ds-1 | package | |
| qemu | fixed | 1:10.0.8+ds-0+deb13u1 | trixie | package |
| qemu | no-dsa | bookworm | package | |
| qemu | not-affected | bullseye | package |
Примечания
https://lore.kernel.org/qemu-devel/20251214090939.408436-1-zhenwei.pi@linux.dev/T/#u
Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/0e660a6f90abf8b517d7317595bcc8e8da31f2a1 (v7.1.0-rc0)
EPSS
Связанные уязвимости
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.
EPSS