RLSA-2023:0099

Published: 12 Jan. 2023
Source: rocky
Severity: Moderate

Description

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read (CVE-2022-4144)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • libvirt kills virtual machine on restart when 2M and 1G hugepages are mounted (BZ#2132176)

  • VMs hung on vnc_clipboard_send (BZ#2148504)

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| hivex | x86_64 | 23.module+el8.7.0+1084+97b81f61 | hivex-1.3.18-23.module+el8.7.0+1084+97b81f61.x86_64.rpm |
| hivex-devel | x86_64 | 23.module+el8.7.0+1084+97b81f61 | hivex-devel-1.3.18-23.module+el8.7.0+1084+97b81f61.x86_64.rpm |
| libguestfs | x86_64 | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.x86_64.rpm |
| libguestfs-appliance | x86_64 | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-appliance-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.x86_64.rpm |
| libguestfs-bash-completion | noarch | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-bash-completion-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.noarch.rpm |
| libguestfs-devel | x86_64 | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-devel-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.x86_64.rpm |
| libguestfs-gfs2 | x86_64 | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-gfs2-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.x86_64.rpm |
| libguestfs-gobject | x86_64 | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-gobject-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.x86_64.rpm |
| libguestfs-gobject-devel | x86_64 | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-gobject-devel-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.x86_64.rpm |
| libguestfs-inspect-icons | noarch | 9.module+el8.7.0+1084+97b81f61.rocky | libguestfs-inspect-icons-1.44.0-9.module+el8.7.0+1084+97b81f61.rocky.noarch.rpm |

Related CVEs

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 2 years ago

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

CVSS3: 6.5
redhat
more than 2 years ago

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

CVSS3: 6.5
nvd
more than 2 years ago

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

CVSS3: 6.5
msrc
11 months ago

No description available

CVSS3: 6.5
debian
more than 2 years ago

An out-of-bounds read flaw was found in the QXL display device emulati ...