SB2024110815 - SUSE update for qemu

Description

This security bulletin contains information about 3 vulnerabilities.

1) Improper synchronization (CVE-ID: CVE-2024-7409)

CWE-ID: CWE-662 - Improper Synchronization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper synchronization during socket closure in the QEMU NBD Server. A malicious guest can perform a denial of service (DoS) attack.

2) Reachable assertion (CVE-ID: CVE-2024-8354)

CWE-ID: CWE-617 - Reachable Assertion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. A remote attacker can perform a denial of service (DoS) attack.

3) Memory leak (CVE-ID: CVE-2024-8612)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak in the virtio-scsi, virtio-blk, and virtio-crypto devices. A local user can gain access to uninitialized data stored in bounce.buffer.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2024/suse-su-20243948-1/