Описание
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qemu-kvm | Out of support scope | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Out of support scope | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Out of support scope | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/qemu-kvm | Will not fix | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Affected | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Out of support scope | ||
| Advanced Virtualization for RHEL 8.4.0.EUS | virt | Fixed | RHSA-2021:5065 | 09.12.2021 |
| Advanced Virtualization for RHEL 8.4.0.EUS | virt-devel | Fixed | RHSA-2021:5065 | 09.12.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.2 Low
CVSS3
Связанные уязвимости
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
An off-by-one error was found in the SCSI device emulation in QEMU. It ...
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
EPSS
3.2 Low
CVSS3