SB2022111536 - Multiple vulnerabilities in QEMU
Published: November 15, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-3750)
The vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the USB EHCI controller emulation of QEMU. A remote guest can trigger a use-after-free error and execute arbitrary code on the host OS.
2) Out-of-bounds write (CVE-ID: CVE-2021-3611)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Intel HD Audio device (intel-hda) of QEMU. A remote user of the guest OS trigger an out-of-bounds write and crash the QEMU process on the host.
Remediation
Install update from vendor's website.
References
- https://gitlab.com/qemu-project/qemu/-/issues/556
- https://bugzilla.redhat.com/show_bug.cgi?id=1999073
- https://gitlab.com/qemu-project/qemu/-/issues/541
- https://security.netapp.com/advisory/ntap-20220624-0003/
- https://security.gentoo.org/glsa/202208-27
- https://bugzilla.redhat.com/show_bug.cgi?id=1973784
- https://gitlab.com/qemu-project/qemu/-/issues/542
- https://security.netapp.com/advisory/ntap-20220624-0001/