SB20250328437 - Anolis OS update for qemu

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2024-26328)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. The register_vfs() function in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF. A malicious guest can perform a denial of service (DoS) attack.

2) Heap-based buffer overflow (CVE-ID: CVE-2024-3447)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SDHCI device emulation. A malicious guest can set both "s->data_count" and the size of "s->fifo_buffer" to the value of "0x200" to trigger an out-of-bound memory access and perform a denial of service (DoS) attack.

3) Operation on a Resource after Expiration or Release (CVE-ID: CVE-2024-4693)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper release and use of the irqfd for vector 0 during the boot process in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). A malicious guest can crash the QUEMU host process via vhost_net_stop().

Remediation

Install update from vendor's website.

References

• https://anas.openanolis.cn/errata/detail/ANSA-2024:1189