Описание
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
A NULL pointer dereference flaw was found in the QEMU emulator's IDE AHCI emulator. Exploitation of the flaw could occur while committing DMA buffer in ahci_commit_buf() if the command header 'ad->cur_cmd' was null. A privileged guest user could use this flaw to crash the QEMU process instance resulting in DoS. Reduced performance of the system is the highest threat to the system.
Отчет
The qemu-kvm package versions as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this issue. The qemu-kvm package version as shipped with Red Hat Enterprise Linux 8 is affected by this issue. Future qemu-kvm updates for Red Hat Enterprise Linux 8 may address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 8 | qemu-kvm | Fix deferred | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | qemu-kvm | Fix deferred | ||
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.2 Low
CVSS3
Связанные уязвимости
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to ...
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
Уязвимость программного обеспечения для эмуляции аппаратного обеспечения различных платформ QEMU, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
3.2 Low
CVSS3