SB2022111555 - Red Hat Enterprise Linux 9 update for qemu-kvm
Published: November 15, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2021-3507)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the fdctrl_transfer_handler() function in hw/block/fdc.c while processing DMA read
data transfers from the floppy drive to the guest system. A remote privileged user on the guest OS can trigger a heap-based buffer overflow and crash the QEMU process on the host OS.
2) Out-of-bounds write (CVE-ID: CVE-2021-3611)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Intel HD Audio device (intel-hda) of QEMU. A remote user of the guest OS trigger an out-of-bounds write and crash the QEMU process on the host.
3) Use-after-free (CVE-ID: CVE-2021-3750)
The vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the USB EHCI controller emulation of QEMU. A remote guest can trigger a use-after-free error and execute arbitrary code on the host OS.
4) NULL pointer dereference (CVE-ID: CVE-2021-4158)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the ACPI code of QEMU when handling certain values. A privileged user can crash the QEMU process on the host, resulting in a denial of service condition.
Remediation
Install update from vendor's website.