Описание
Moderate: virt:rhel and virt-devel:rhel security update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
-
QEMU: virtio: DMA reentrancy issue leads to double free vulnerability (CVE-2024-3446)
-
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure (CVE-2024-7409)
-
libnbd: NBD server improper certificate validation (CVE-2024-7383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 2274211
- Red Hat - 2302487
- Red Hat - 2302865
Связанные уязвимости
ELSA-2024-6964: virt:ol and virt-devel:rhel security update (MODERATE)
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.