Main Vulnerability Database SB2022030138

SB2022030138 - Anolis OS update for virt:an module

Published: March 1, 2022 Updated: March 28, 2025

Security Bulletin ID SB2022030138

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Off-by-one (CVE-ID: CVE-2021-3930)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error in the SCSI device emulation in QEMU. A remote user on the guest OS can can trigger an off-by-one error while processing MODE SELECT commands in mode_sense_page() if the 'page' argument is set to MODE_PAGE_ALLS (0x3f). Successful exploitation of the vulnerability may result in QEMU crash.

2) Infinite loop (CVE-ID: CVE-2021-20257)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the e1000 NIC emulator when processing transmits (tx) descriptors in process_tx_desc of QEMU. A remote user can consume all available CPU resources and cause denial of service conditions.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2022:0027

Vulnerable Software

Anolis OS: 8
libguestfs-tools: before 1.40.2-28.0.1
libguestfs-man-pages-uk: before 1.40.2-28.0.1
libguestfs-man-pages-ja: before 1.40.2-28.0.1
libguestfs-javadoc: before 1.40.2-28.0.1
libguestfs-inspect-icons: before 1.40.2-28.0.1
libguestfs-bash-completion: before 1.40.2-28.0.1
virt-v2v: before 1.40.2-28.0.1
qemu-kvm-block-gluster: before 4.2.0-59.0.2
virt-dib: before 1.40.2-28.0.1
ruby-libguestfs: before 1.40.2-28.0.1
qemu-kvm-tests: before 4.2.0-59.0.2
qemu-kvm-core: before 4.2.0-59.0.2
qemu-kvm-common: before 4.2.0-59.0.2
qemu-kvm-block-ssh: before 4.2.0-59.0.2
qemu-kvm-block-rbd: before 4.2.0-59.0.2
qemu-kvm-block-iscsi: before 4.2.0-59.0.2
qemu-kvm-block-curl: before 4.2.0-59.0.2
qemu-kvm: before 4.2.0-59.0.2
qemu-img: before 4.2.0-59.0.2
qemu-guest-agent: before 4.2.0-59.0.2
python3-libnbd: before 1.2.2-1.0.1
python3-libguestfs: before 1.40.2-28.0.1
perl-Sys-Guestfs: before 1.40.2-28.0.1
ocaml-libguestfs-devel: before 1.40.2-28.0.1
ocaml-libguestfs: before 1.40.2-28.0.1
nbdfuse: before 1.2.2-1.0.1
lua-guestfs: before 1.40.2-28.0.1
libvirt-nss: before 6.0.0-37.1.0.1
libvirt-lock-sanlock: before 6.0.0-37.1.0.1
libvirt-libs: before 6.0.0-37.1.0.1
libvirt-docs: before 6.0.0-37.1.0.1
libvirt-devel: before 6.0.0-37.1.0.1
libvirt-daemon-kvm: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-scsi: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-rbd: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-mpath: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-logical: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-iscsi-direct: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-iscsi: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-gluster: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-disk: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage-core: before 6.0.0-37.1.0.1
libvirt-daemon-driver-storage: before 6.0.0-37.1.0.1
libvirt-daemon-driver-secret: before 6.0.0-37.1.0.1
libvirt-daemon-driver-qemu: before 6.0.0-37.1.0.1
libvirt-daemon-driver-nwfilter: before 6.0.0-37.1.0.1
libvirt-daemon-driver-nodedev: before 6.0.0-37.1.0.1
libvirt-daemon-driver-network: before 6.0.0-37.1.0.1
libvirt-daemon-driver-interface: before 6.0.0-37.1.0.1
libvirt-daemon-config-nwfilter: before 6.0.0-37.1.0.1
libvirt-daemon-config-network: before 6.0.0-37.1.0.1
libvirt-daemon: before 6.0.0-37.1.0.1
libvirt-client: before 6.0.0-37.1.0.1
libvirt-bash-completion: before 6.0.0-37.1.0.1
libvirt-admin: before 6.0.0-37.1.0.1
libvirt: before 6.0.0-37.1.0.1
libnbd-devel: before 1.2.2-1.0.1
libnbd: before 1.2.2-1.0.1
libguestfs-xfs: before 1.40.2-28.0.1
libguestfs-tools-c: before 1.40.2-28.0.1
libguestfs-rsync: before 1.40.2-28.0.1
libguestfs-rescue: before 1.40.2-28.0.1
libguestfs-java-devel: before 1.40.2-28.0.1
libguestfs-java: before 1.40.2-28.0.1
libguestfs-gobject-devel: before 1.40.2-28.0.1
libguestfs-gobject: before 1.40.2-28.0.1
libguestfs-gfs2: before 1.40.2-28.0.1
libguestfs-devel: before 1.40.2-28.0.1
libguestfs-benchmarking: before 1.40.2-28.0.1
libguestfs: before 1.40.2-28.0.1
sgabios-bin: before 0.20170427git-3
seavgabios-bin: before 1.13.0-2
seabios-bin: before 1.13.0-2
nbdkit-bash-completion: before 1.16.2-4
sgabios: before 0.20170427git-3
seabios: before 1.13.0-2
nbdkit-vddk-plugin: before 1.16.2-4
supermin-devel: before 5.1.19-10
supermin: before 5.1.19-10
ruby-hivex: before 1.3.18-21
python3-libvirt: before 6.0.0-1
python3-hivex: before 1.3.18-21
perl-hivex: before 1.3.18-21
perl-Sys-Virt: before 6.0.0-1
ocaml-hivex-devel: before 1.3.18-21
ocaml-hivex: before 1.3.18-21
netcf-libs: before 0.2.8-12
netcf-devel: before 0.2.8-12
netcf: before 0.2.8-12
nbdkit-xz-filter: before 1.16.2-4
nbdkit-ssh-plugin: before 1.16.2-4
nbdkit-server: before 1.16.2-4
nbdkit-python-plugin: before 1.16.2-4
nbdkit-linuxdisk-plugin: before 1.16.2-4
nbdkit-gzip-plugin: before 1.16.2-4
nbdkit-example-plugins: before 1.16.2-4
nbdkit-devel: before 1.16.2-4
nbdkit-curl-plugin: before 1.16.2-4
nbdkit-basic-plugins: before 1.16.2-4
nbdkit-basic-filters: before 1.16.2-4
nbdkit: before 1.16.2-4
libvirt-dbus: before 1.3.0-2
libguestfs-winsupport: before 8.2-1
hivex-devel: before 1.3.18-21
hivex: before 1.3.18-21

SB2022030138 - Anolis OS update for virt:an module

Breakdown by Severity

Description

Remediation

References

Please verify you're human