Описание
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
Отчет
This flaw has been rated as Moderate because it can only be exploited by privileged users within the guest.
Меры по смягчению последствий
A viable mitigation for this vulnerability is to disable RSS on the nic/virtio driver. This can be performed either with the following qemu-kvm command "-device virtio-net-pci,rss=off", or, alternatively, by directly modifying the KVM XML file to disable RSS using a standard configuration tool (ex. libvirt).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | qemu-kvm | Will not fix | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Out of support scope | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Out of support scope | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Out of support scope | ||
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Will not fix | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Will not fix | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Will not fix |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS3
Связанные уязвимости
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
A flaw was found in the virtio-net device in QEMU. When enabling the R ...
6.8 Medium
CVSS3