Описание
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
QEMU's Machine Protocol (QMP) is designed to enable remote applications (ex. Libvirt) to control and manage QEMU process instances. It is meant to be used by trusted users and applications. The TCP server socket is only one of the transport options supported by QMP; other, more secure options, being local UNIX socket. If one is able to run 'migrate' command, the user already has access to the guest VM. Then migrating guest state to an unworthy remote machine via nc is not really a security issue.
Libvirt only uses local UNIX sockets to interact with the guest VMs that it manages. This UNIX socket is owned by the same user-id as the QEMU process instance. Other users on the system cannot connect to the UNIX socket. Libvirt also creates a unique per-VM sVirt label so VMs cannot access each other's UNIX sockets, even though they are owned by the same system user-id.
Отчет
The QEMU Machine Protocol (QMP) is for administrative control of QEMU instances. Access to QMP allows an attacker to manipulate all aspects of guest virtual machines by design, and as a consequence it must not be exposed to unprivileged users. Because an attacker could use access to QMP to compromise a system regardless of the presence of this vulnerability, and because correct access controls applied to the network connections used by QMP would prevent exploitation of this vulnerability, Red Hat assesses its impact as Low.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 8 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | qemu-kvm-rhev | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Not affected |
Показывать по
Дополнительная информация
EPSS
0 Low
CVSS3
Связанные уязвимости
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerabl ...
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
EPSS
0 Low
CVSS3