SB2023012483 - Red Hat Enterprise Linux 8.6 Extended Update Support update for the virt:rhel and virt-devel:rhel modules
Published: January 24, 2023
Security Bulletin ID
SB2023012483
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2022-4144)
The vulnerability allows a malicious guest user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the qxl_phys2virt() function in the QXL display device emulation in QEMU. A malicious guest user can trigger an out-of-bounds read error and crash the QEMU process on the host
Remediation
Install update from vendor's website.