Описание
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
Отчет
Open Sound System (OSS) is deprecated in favor of ALSA and disabled in Red Hat products. This flaw did not affect the following versions of QEMU as they did not include support for OSS:
qemu-kvm-maas shipped with Red Hat Enterprise Linux 7.qemu-kvm-rhevas shipped with Red Hat Virtualization and Red Hat OpenStack.qemu-kvmas shipped with Red Hat Enterprise Linux 6, 7 and 8.virt:8.2/qemu-kvmas shipped with RHEL Advanced Virtualization.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=1848117QEMU: division by zero in oss_write() in audio/ossaudio.c
EPSS
Процентиль: 29%
0.00101
Низкий
3.8 Low
CVSS3
Связанные уязвимости
CVSS3: 3.3
ubuntu
почти 5 лет назад
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
CVSS3: 3.3
nvd
почти 5 лет назад
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
CVSS3: 3.3
debian
почти 5 лет назад
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...
github
около 3 лет назад
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
EPSS
Процентиль: 29%
0.00101
Низкий
3.8 Low
CVSS3