Описание
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
A NULL pointer dereference bug was found in the rocker device (emulated ethernet switch) of QEMU. The rocker_tlv_parse_nested() function could return early because of no group ids in the group_tlvs array. In such case, the tlvs pointer is NULL and tlvs[i + 1] in the next for-loop iteration ends up dereferencing a NULL pointer.
Отчет
Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this bug, as the rocker device is not built and shipped with Red Hat qemu-kvm packages. Also, according to the QEMU upstream security guidelines [1] Red Hat Product Security does not consider this to be a vulnerability because it does not fall under the Virtualization Use Case; the rocker device is mainly used in development environments where the guest is assumed to be trusted.
[1] https://www.qemu.org/docs/master/system/security.html
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected |
Показывать по
Дополнительная информация
EPSS
0 Low
CVSS3
Связанные уязвимости
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device ...
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
EPSS
0 Low
CVSS3