Описание
Moderate: qemu-kvm security update
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
-
QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow (CVE-2024-26327)
-
QEMU: virtio: DMA reentrancy issue leads to double free vulnerability (CVE-2024-3446)
-
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure (CVE-2024-7409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 9
Связанные CVE
Исправления
- Red Hat - 2264844
- Red Hat - 2274211
- Red Hat - 2302487
Связанные уязвимости
ELSA-2024-12604: virt:kvm_utils3 security update (IMPORTANT)
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.