Описание
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.11+dfsg-1ubuntu7.39 |
| devel | released | 1:6.2+dfsg-2ubuntu5 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | 1:2.11+dfsg-1ubuntu7.39 |
| esm-infra/focal | not-affected | 1:4.2-3ubuntu6.21 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 1:4.2-3ubuntu6.21 |
| hirsute | ignored | end of life |
| impish | released | 1:6.0+dfsg-2expubuntu1.2 |
| jammy | released | 1:6.2+dfsg-2ubuntu5 |
Показывать по
EPSS
6.9 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
A use-after-free vulnerability was found in the virtio-net device of Q ...
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
EPSS
6.9 Medium
CVSS2
7.5 High
CVSS3