Description
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
A use-after-free vulnerability was found in the Tiny Code Generator (TCG) Accelerator in QEMU, where the TCG generated code can be in the same memory as the TB data structure. This flaw allows attackers to overwrite the UAF pointer with code produced from TCG and rewrite key pointer values, possibly leading to local privilege escalation and enabling code execution on the host outside of the TCG sandbox.
Statement
RHEL/QEMU is neither built with TCG Accelerator, nor any layered products that use it. Bugs affecting the Tiny Code Generator (TCG) cannot be considered as security issues in QEMU as per https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | | |
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | | |
Additional information
Status:
EPSS
7.4 High
CVSS3
Related vulnerabilities
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local ...
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
Vulnerability in the TCG Accelerator component of the QEMU hardware emulator that allows an attacker to execute arbitrary code, escalate privileges, and cause a denial of service