A flaw was found in the QXL display device emulation in QEMU. A double ...

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

ELSA-2022-9668: libvirt libvirt-python security update (IMPORTANT)

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Уязвимость функции qxl_cursor() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить произвольный код

Security update for libvirt

Security update for libvirt

Security update for libvirt

Security update for libvirt

Security update for libvirt

Security update for libvirt

Security update for libvirt

Security update for qemu

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

ELSA-2022-1759: virt:ol and virt-devel:ol security, bug fix, and enhancement update (MODERATE)