RLSA-2023:5264

Published: 11 Mar 2026
Source: rocky
Rating: Important

Description

Important: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service (CVE-2023-3354)

  • NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image (CVE-2022-40284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • "No bootable device" with OS boot disk interface VirtIO-SCSI and with more than 9 VirtIO disks. (BZ#2228485)

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| hivex | x86_64 | 23.module+el8.10.0+1835+43f01cbb | hivex-1.3.18-23.module+el8.10.0+1835+43f01cbb.x86_64.rpm |
| hivex-devel | x86_64 | 23.module+el8.10.0+1835+43f01cbb | hivex-devel-1.3.18-23.module+el8.10.0+1835+43f01cbb.x86_64.rpm |
| libguestfs | x86_64 | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.x86_64.rpm |
| libguestfs-appliance | x86_64 | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-appliance-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.x86_64.rpm |
| libguestfs-bash-completion | noarch | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-bash-completion-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.noarch.rpm |
| libguestfs-devel | x86_64 | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-devel-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.x86_64.rpm |
| libguestfs-gfs2 | x86_64 | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-gfs2-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.x86_64.rpm |
| libguestfs-gobject | x86_64 | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-gobject-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.x86_64.rpm |
| libguestfs-gobject-devel | x86_64 | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-gobject-devel-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.x86_64.rpm |
| libguestfs-inspect-icons | noarch | 9.module+el8.10.0+1835+43f01cbb.rocky.rocky | libguestfs-inspect-icons-1.44.0-9.module+el8.10.0+1835+43f01cbb.rocky.rocky.noarch.rpm |

Related CVEs

Related vulnerabilities

oracle-oval
about 1 month ago

ELSA-2023-5264: virt:ol and virt-devel:ol security and bug fix update (IMPORTANT)

CVSS3: 7.8
ubuntu
more than 3 years ago

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

CVSS3: 3.3
redhat
more than 3 years ago

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

CVSS3: 7.8
nvd
more than 3 years ago

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

CVSS3: 7.8
msrc
more than 3 years ago

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.