SB2024081312 - Ubuntu update for qemu

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2023-6683)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing ClientCutText messages within the QEMU built-in VNC server. A remote authenticated VNC client can pass specially crafted data to the application and perform a denial of service (DoS) attack.

2) Stack-based buffer overflow (CVE-ID: CVE-2023-6693)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when flushing TX in the virtio_net_flush_tx() function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. A local user can trigger a stack based buffer overflow and execute arbitrary code on the system.

3) Integer underflow (CVE-ID: CVE-2024-24474)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the esp_do_nodma() function in hw/scsi/esp.c. A local user can pass specially crafted data to the application, trigger an integer underflow and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-6954-1