Main Vulnerability Database SB2024091288

SB2024091288 - SUSE update for qemu

Published: September 12, 2024

Security Bulletin ID SB2024091288

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2023-6693)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when flushing TX in the virtio_net_flush_tx() function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. A local user can trigger a stack based buffer overflow and execute arbitrary code on the system.

2) Heap-based buffer overflow (CVE-ID: CVE-2024-3447)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SDHCI device emulation. A malicious guest can set both "s->data_count" and the size of "s->fifo_buffer" to the value of "0x200" to trigger an out-of-bound memory access and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20243229-1/

Vulnerable Software

SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
qemu-s390: before 3.1.1.1-75.1
qemu-s390-debuginfo: before 3.1.1.1-75.1
qemu-ppc: before 3.1.1.1-75.1
qemu-ppc-debuginfo: before 3.1.1.1-75.1
qemu-x86: before 3.1.1.1-75.1
qemu-kvm: before 3.1.1.1-75.1
qemu-vgabios: before 1.12.0_0_ga698c89-75.1
qemu-sgabios: before 8-75.1
qemu-seabios: before 1.12.0_0_ga698c89-75.1
qemu-ipxe: before 1.0.0+-75.1
qemu-arm: before 3.1.1.1-75.1
qemu-arm-debuginfo: before 3.1.1.1-75.1
qemu-audio-sdl: before 3.1.1.1-75.1
qemu-audio-pa-debuginfo: before 3.1.1.1-75.1
qemu: before 3.1.1.1-75.1
qemu-audio-pa: before 3.1.1.1-75.1
qemu-guest-agent: before 3.1.1.1-75.1
qemu-ui-curses-debuginfo: before 3.1.1.1-75.1
qemu-audio-oss: before 3.1.1.1-75.1
qemu-block-ssh: before 3.1.1.1-75.1
qemu-ui-curses: before 3.1.1.1-75.1
qemu-block-ssh-debuginfo: before 3.1.1.1-75.1
qemu-audio-oss-debuginfo: before 3.1.1.1-75.1
qemu-block-curl-debuginfo: before 3.1.1.1-75.1
qemu-audio-alsa: before 3.1.1.1-75.1
qemu-lang: before 3.1.1.1-75.1
qemu-block-iscsi: before 3.1.1.1-75.1
qemu-tools: before 3.1.1.1-75.1
qemu-block-iscsi-debuginfo: before 3.1.1.1-75.1
qemu-ui-gtk-debuginfo: before 3.1.1.1-75.1
qemu-block-rbd-debuginfo: before 3.1.1.1-75.1
qemu-audio-alsa-debuginfo: before 3.1.1.1-75.1
qemu-block-rbd: before 3.1.1.1-75.1
qemu-ui-gtk: before 3.1.1.1-75.1
qemu-guest-agent-debuginfo: before 3.1.1.1-75.1
qemu-ui-sdl-debuginfo: before 3.1.1.1-75.1
qemu-tools-debuginfo: before 3.1.1.1-75.1
qemu-block-curl: before 3.1.1.1-75.1
qemu-ui-sdl: before 3.1.1.1-75.1
qemu-audio-sdl-debuginfo: before 3.1.1.1-75.1
qemu-debugsource: before 3.1.1.1-75.1