Description
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
A memory leak flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the zlib data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. An attacker able to connect to the VNC server could use this flaw to leak host memory, leading to a potential denial of service.
Statement
This flaw did not affect the versions of qemu-kvm as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kvm | Not affected | | |
Red Hat Enterprise Linux 5 | xen | Not affected | | |
Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.1/qemu-kvm | Affected | | |
Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Fix deferred | | |
Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2020:3906 | 29.09.2020 |
Red Hat Enterprise Linux 7 | qemu-kvm-ma | Fixed | RHSA-2020:3907 | 29.09.2020 |
Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2020:2774 | 30.06.2020 |
Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2020:2774 | 30.06.2020 |
Red Hat OpenStack Platform 13.0 (Queens) | qemu-kvm-rhev | Fixed | RHSA-2020:4167 | 05.10.2020 |
Additional information
Status:
EPSS
CVSS3: 3.5 Low
Related vulnerabilities
A vulnerability in the zrle_compress_data function of QEMU, software for emulating the hardware of various platforms, related to improper release of memory before removing the last reference, which allows an attacker to cause a denial of service