Lucene search

K
almalinux
AlmaLinuxALSA-2021:1762
HistoryMay 18, 2021 - 6:02 a.m.

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

2021-05-1806:02:26
errata.almalinux.org
11

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.0%

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c (CVE-2020-25637)

  • QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c (CVE-2020-27821)

  • QEMU: ide: atapi: OOB access while processing read commands (CVE-2020-29443)

  • QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure (CVE-2020-11947)

  • QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

  • QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c (CVE-2020-25707)

  • QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723)

  • QEMU: e1000e: infinite loop scenario in case of null packet descriptor (CVE-2020-28916)

  • QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets (CVE-2020-29129, CVE-2020-29130)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.0%

Related for ALSA-2021:1762