SB2021102622 - SUSE update for qemu 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021102622

SB2021102622 - SUSE update for qemu

Published: October 26, 2021

Security Bulletin ID SB2021102622
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2021-3713)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the UAS (USB Attached SCSI) device emulation of QEMU. A local user can perform a denial of service or escalate privileges on the system.


2) Use-after-free (CVE-ID: CVE-2021-3748)

The vulnerability allows a remote guest to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when in the virtio-net device of QEMU. A malicious guest can trigger the use-after-free error and execute arbitrary code on the host system with QEMU privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


Remediation

Install update from vendor's website.

References