Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qemu | fixed | 1:10.2.2+ds-1 | package | |
| qemu | no-dsa | trixie | package | |
| qemu | no-dsa | bookworm | package | |
| qemu | not-affected | bullseye | package |
Примечания
Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/85af4e937016ed2f20122eb116597d1abb30c5c0 (v10.2.2)
Связанные уязвимости
CVSS3: 7.8
redhat
около 1 месяца назад
A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service.