openEuler 20.03 LTS SP1 update for qemu



Published: 2024-04-29
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2023-0330
CVE-2024-3446
CVE-2024-3447
CWE-ID CWE-787
CWE-415
CWE-122
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		openEuler
Operating systems & Components / Operating system

qemu-seabios
Operating systems & Components / Operating system package or component

qemu-help
Operating systems & Components / Operating system package or component

qemu-block-rbd
Operating systems & Components / Operating system package or component

qemu-guest-agent
Operating systems & Components / Operating system package or component

qemu-block-ssh
Operating systems & Components / Operating system package or component

qemu-block-curl
Operating systems & Components / Operating system package or component

qemu-debuginfo
Operating systems & Components / Operating system package or component

qemu-img
Operating systems & Components / Operating system package or component

qemu-block-iscsi
Operating systems & Components / Operating system package or component

qemu-debugsource
Operating systems & Components / Operating system package or component

qemu
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU77499

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0330

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within hw/scsi/lsi53c895a.c in QEMU caused by a DMA-MMIO reentrancy problem. A local privileged user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

qemu-seabios: before 4.1.0-79

qemu-help: before 4.1.0-79

qemu-block-rbd: before 4.1.0-79

qemu-guest-agent: before 4.1.0-79

qemu-block-ssh: before 4.1.0-79

qemu-block-curl: before 4.1.0-79

qemu-debuginfo: before 4.1.0-79

qemu-img: before 4.1.0-79

qemu-block-iscsi: before 4.1.0-79

qemu-debugsource: before 4.1.0-79

qemu: before 4.1.0-79

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1505


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double free

EUVDB-ID: #VU89047

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3446

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to a boundary error in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. A malicious guest can trigger a double free error and execute arbitrary code within the context of the QEMU process on the host.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

qemu-seabios: before 4.1.0-79

qemu-help: before 4.1.0-79

qemu-block-rbd: before 4.1.0-79

qemu-guest-agent: before 4.1.0-79

qemu-block-ssh: before 4.1.0-79

qemu-block-curl: before 4.1.0-79

qemu-debuginfo: before 4.1.0-79

qemu-img: before 4.1.0-79

qemu-block-iscsi: before 4.1.0-79

qemu-debugsource: before 4.1.0-79

qemu: before 4.1.0-79

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1505


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU89048

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3447

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SDHCI device emulation. A malicious guest can set both "s->data_count" and the size of "s->fifo_buffer" to the value of "0x200" to trigger an out-of-bound memory access and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

qemu-seabios: before 4.1.0-79

qemu-help: before 4.1.0-79

qemu-block-rbd: before 4.1.0-79

qemu-guest-agent: before 4.1.0-79

qemu-block-ssh: before 4.1.0-79

qemu-block-curl: before 4.1.0-79

qemu-debuginfo: before 4.1.0-79

qemu-img: before 4.1.0-79

qemu-block-iscsi: before 4.1.0-79

qemu-debugsource: before 4.1.0-79

qemu: before 4.1.0-79

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1505


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###