Описание
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
A divide-by-zero flaw was found in the Open Sound System (OSS) implementation of the QEMU emulator. A guest user or process may use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Отчет
Open Sound System (OSS) is deprecated in favor of ALSA and disabled in Red Hat products. This flaw did not affect the following versions of QEMU as they did not include support for OSS:
qemu-kvm-maas shipped with Red Hat Enterprise Linux 7.qemu-kvm-rhevas shipped with Red Hat Virtualization and Red Hat OpenStack.qemu-kvmas shipped with Red Hat Enterprise Linux 6, 7 and 8.virt:8.2/qemu-kvmas shipped with RHEL Advanced Virtualization.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.8 Low
CVSS3
Связанные уязвимости
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
EPSS
3.8 Low
CVSS3