Описание
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
Отчет
The qemu-kvm packages shipped in Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this issue because the LSI53C895A device is not enabled.
Additionally, LSI53C895A emulation is not used for virtualized production services. Therefore, it is unlikely to be used in association with untrusted guests.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8.2 High
CVSS3
Связанные уязвимости
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI H ...
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
Уязвимость реализации виртуального адаптера хост-шины LSI53C895A SCSI эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
8.2 High
CVSS3