SB2024020250 - Anolis OS update for virt:an module
Published: February 2, 2024 Updated: March 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-3750)
The vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the USB EHCI controller emulation of QEMU. A remote guest can trigger a use-after-free error and execute arbitrary code on the host OS.
2) Use-after-free (CVE-ID: CVE-2023-3019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the e1000e_write_packet_to_guest() function in the e1000e NIC emulation code in QEMU. A local user can trigger DMA reentrancy and crash the QEMU process on the host.
3) Reachable Assertion (CVE-ID: CVE-2023-3301)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion. When a peer nic is still attached to the vdpa backend, it is too early to free up the vhost-net and vdpa structures. If these structures are freed here, then QEMU crashes when the guest is being shut down.
Remediation
Install update from vendor's website.