Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:3229-1

Опубликовано: 12 сент. 2024
Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2024-3447: Fix heap buffer overflow in sdhci_write_dataport(). (bsc#1218485)
  • CVE-2023-6693: Fix stack buffer overflow in virtio_net_flush_tx(). (bsc#1218484)

Список пакетов

Image SLES12-SP5-EC2-ECS-On-Demand
qemu-tools-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5
qemu-3.1.1.1-75.1
qemu-arm-3.1.1.1-75.1
qemu-audio-alsa-3.1.1.1-75.1
qemu-audio-oss-3.1.1.1-75.1
qemu-audio-pa-3.1.1.1-75.1
qemu-audio-sdl-3.1.1.1-75.1
qemu-block-curl-3.1.1.1-75.1
qemu-block-iscsi-3.1.1.1-75.1
qemu-block-rbd-3.1.1.1-75.1
qemu-block-ssh-3.1.1.1-75.1
qemu-guest-agent-3.1.1.1-75.1
qemu-ipxe-1.0.0+-75.1
qemu-kvm-3.1.1.1-75.1
qemu-lang-3.1.1.1-75.1
qemu-ppc-3.1.1.1-75.1
qemu-s390-3.1.1.1-75.1
qemu-seabios-1.12.0_0_ga698c89-75.1
qemu-sgabios-8-75.1
qemu-tools-3.1.1.1-75.1
qemu-ui-curses-3.1.1.1-75.1
qemu-ui-gtk-3.1.1.1-75.1
qemu-ui-sdl-3.1.1.1-75.1
qemu-vgabios-1.12.0_0_ga698c89-75.1
qemu-x86-3.1.1.1-75.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
qemu-3.1.1.1-75.1
qemu-arm-3.1.1.1-75.1
qemu-audio-alsa-3.1.1.1-75.1
qemu-audio-oss-3.1.1.1-75.1
qemu-audio-pa-3.1.1.1-75.1
qemu-audio-sdl-3.1.1.1-75.1
qemu-block-curl-3.1.1.1-75.1
qemu-block-iscsi-3.1.1.1-75.1
qemu-block-rbd-3.1.1.1-75.1
qemu-block-ssh-3.1.1.1-75.1
qemu-guest-agent-3.1.1.1-75.1
qemu-ipxe-1.0.0+-75.1
qemu-kvm-3.1.1.1-75.1
qemu-lang-3.1.1.1-75.1
qemu-ppc-3.1.1.1-75.1
qemu-s390-3.1.1.1-75.1
qemu-seabios-1.12.0_0_ga698c89-75.1
qemu-sgabios-8-75.1
qemu-tools-3.1.1.1-75.1
qemu-ui-curses-3.1.1.1-75.1
qemu-ui-gtk-3.1.1.1-75.1
qemu-ui-sdl-3.1.1.1-75.1
qemu-vgabios-1.12.0_0_ga698c89-75.1
qemu-x86-3.1.1.1-75.1

Ссылки

Описание

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Затронутые продукты
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-75.1
Ссылки

Описание

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Затронутые продукты
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-75.1
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-75.1
Ссылки
Уязвимость SUSE-SU-2024:3229-1