SB2023042734 - SUSE update for qemu 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023042734

SB2023042734 - SUSE update for qemu

Published: April 27, 2023

Security Bulletin ID SB2023042734
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2020-14394)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. A privileged user on the guest OS can consume all available system resources and cause denial of service conditions of the QEMU process on the host.


2) Heap-based buffer overflow (CVE-ID: CVE-2021-3507)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the fdctrl_transfer_handler() function in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A remote privileged user on the guest OS can trigger a heap-based buffer overflow and crash the QEMU process on the host OS.


Remediation

Install update from vendor's website.

References