Amazon: ALAS2-2023-2148
Jul 17, 2023 - 5:40 p.m.

Medium: qemu

2023-07-17 17:40:00
alas.aws.amazon.com

Tags: qemu, stack overflow, nic emulators, dos, vulnerability, lsi53c895a, reentrancy, overflow, 9pfs, escape

CVSS2: 2.1 Low
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.1 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 19.1%)

Issue Overview:

A potential stack overflow via an infinite loop was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in the loopback mode of a NIC, where reentrant DMA checks are bypassed. A guest user or process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario. (CVE-2021-3416)

There is a vulnerability in the lsi53c895a device that affects the latest version of qemu. A carefully designed PoC can repeatedly trigger DMA writes without limiting the addresses written to by the DMA, resulting in reentrancy issues and eventually an overflow. (CVE-2023-0330)

9pfs: prevent opening special files: A malicious client could potentially escape from the exported 9p tree by creating and opening a device file on the host side. (CVE-2023-2861)

Affected Packages:

qemu

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update qemu to update your system.

New Packages:

aarch64:  
    qemu-3.1.0-8.amzn2.0.11.aarch64  
    qemu-common-3.1.0-8.amzn2.0.11.aarch64  
    qemu-guest-agent-3.1.0-8.amzn2.0.11.aarch64  
    qemu-img-3.1.0-8.amzn2.0.11.aarch64  
    ivshmem-tools-3.1.0-8.amzn2.0.11.aarch64  
    qemu-block-curl-3.1.0-8.amzn2.0.11.aarch64  
    qemu-block-dmg-3.1.0-8.amzn2.0.11.aarch64  
    qemu-block-iscsi-3.1.0-8.amzn2.0.11.aarch64  
    qemu-block-nfs-3.1.0-8.amzn2.0.11.aarch64  
    qemu-block-rbd-3.1.0-8.amzn2.0.11.aarch64  
    qemu-block-ssh-3.1.0-8.amzn2.0.11.aarch64  
    qemu-audio-alsa-3.1.0-8.amzn2.0.11.aarch64  
    qemu-audio-oss-3.1.0-8.amzn2.0.11.aarch64  
    qemu-audio-pa-3.1.0-8.amzn2.0.11.aarch64  
    qemu-audio-sdl-3.1.0-8.amzn2.0.11.aarch64  
    qemu-ui-curses-3.1.0-8.amzn2.0.11.aarch64  
    qemu-ui-gtk-3.1.0-8.amzn2.0.11.aarch64  
    qemu-ui-sdl-3.1.0-8.amzn2.0.11.aarch64  
    qemu-kvm-3.1.0-8.amzn2.0.11.aarch64  
    qemu-kvm-core-3.1.0-8.amzn2.0.11.aarch64  
    qemu-user-3.1.0-8.amzn2.0.11.aarch64  
    qemu-user-binfmt-3.1.0-8.amzn2.0.11.aarch64  
    qemu-user-static-3.1.0-8.amzn2.0.11.aarch64  
    qemu-system-aarch64-3.1.0-8.amzn2.0.11.aarch64  
    qemu-system-aarch64-core-3.1.0-8.amzn2.0.11.aarch64  
    qemu-system-x86-3.1.0-8.amzn2.0.11.aarch64  
    qemu-system-x86-core-3.1.0-8.amzn2.0.11.aarch64  
    qemu-debuginfo-3.1.0-8.amzn2.0.11.aarch64  
  
i686:  
    qemu-3.1.0-8.amzn2.0.11.i686  
    qemu-common-3.1.0-8.amzn2.0.11.i686  
    qemu-guest-agent-3.1.0-8.amzn2.0.11.i686  
    qemu-img-3.1.0-8.amzn2.0.11.i686  
    ivshmem-tools-3.1.0-8.amzn2.0.11.i686  
    qemu-block-curl-3.1.0-8.amzn2.0.11.i686  
    qemu-block-dmg-3.1.0-8.amzn2.0.11.i686  
    qemu-block-iscsi-3.1.0-8.amzn2.0.11.i686  
    qemu-block-nfs-3.1.0-8.amzn2.0.11.i686  
    qemu-block-ssh-3.1.0-8.amzn2.0.11.i686  
    qemu-audio-alsa-3.1.0-8.amzn2.0.11.i686  
    qemu-audio-oss-3.1.0-8.amzn2.0.11.i686  
    qemu-audio-pa-3.1.0-8.amzn2.0.11.i686  
    qemu-audio-sdl-3.1.0-8.amzn2.0.11.i686  
    qemu-ui-curses-3.1.0-8.amzn2.0.11.i686  
    qemu-ui-gtk-3.1.0-8.amzn2.0.11.i686  
    qemu-ui-sdl-3.1.0-8.amzn2.0.11.i686  
    qemu-kvm-3.1.0-8.amzn2.0.11.i686  
    qemu-kvm-core-3.1.0-8.amzn2.0.11.i686  
    qemu-user-3.1.0-8.amzn2.0.11.i686  
    qemu-user-binfmt-3.1.0-8.amzn2.0.11.i686  
    qemu-user-static-3.1.0-8.amzn2.0.11.i686  
    qemu-system-aarch64-3.1.0-8.amzn2.0.11.i686  
    qemu-system-aarch64-core-3.1.0-8.amzn2.0.11.i686  
    qemu-system-x86-3.1.0-8.amzn2.0.11.i686  
    qemu-system-x86-core-3.1.0-8.amzn2.0.11.i686  
    qemu-debuginfo-3.1.0-8.amzn2.0.11.i686  
  
src:  
    qemu-3.1.0-8.amzn2.0.11.src  
  
x86_64:  
    qemu-3.1.0-8.amzn2.0.11.x86_64  
    qemu-common-3.1.0-8.amzn2.0.11.x86_64  
    qemu-guest-agent-3.1.0-8.amzn2.0.11.x86_64  
    qemu-img-3.1.0-8.amzn2.0.11.x86_64  
    ivshmem-tools-3.1.0-8.amzn2.0.11.x86_64  
    qemu-block-curl-3.1.0-8.amzn2.0.11.x86_64  
    qemu-block-dmg-3.1.0-8.amzn2.0.11.x86_64  
    qemu-block-iscsi-3.1.0-8.amzn2.0.11.x86_64  
    qemu-block-nfs-3.1.0-8.amzn2.0.11.x86_64  
    qemu-block-rbd-3.1.0-8.amzn2.0.11.x86_64  
    qemu-block-ssh-3.1.0-8.amzn2.0.11.x86_64  
    qemu-audio-alsa-3.1.0-8.amzn2.0.11.x86_64  
    qemu-audio-oss-3.1.0-8.amzn2.0.11.x86_64  
    qemu-audio-pa-3.1.0-8.amzn2.0.11.x86_64  
    qemu-audio-sdl-3.1.0-8.amzn2.0.11.x86_64  
    qemu-ui-curses-3.1.0-8.amzn2.0.11.x86_64  
    qemu-ui-gtk-3.1.0-8.amzn2.0.11.x86_64  
    qemu-ui-sdl-3.1.0-8.amzn2.0.11.x86_64  
    qemu-kvm-3.1.0-8.amzn2.0.11.x86_64  
    qemu-kvm-core-3.1.0-8.amzn2.0.11.x86_64  
    qemu-user-3.1.0-8.amzn2.0.11.x86_64  
    qemu-user-binfmt-3.1.0-8.amzn2.0.11.x86_64  
    qemu-user-static-3.1.0-8.amzn2.0.11.x86_64  
    qemu-system-aarch64-3.1.0-8.amzn2.0.11.x86_64  
    qemu-system-aarch64-core-3.1.0-8.amzn2.0.11.x86_64  
    qemu-system-x86-3.1.0-8.amzn2.0.11.x86_64  
    qemu-system-x86-core-3.1.0-8.amzn2.0.11.x86_64  
    qemu-debuginfo-3.1.0-8.amzn2.0.11.x86_64  
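To confirm that the update actually landed on a host, compare each installed qemu package against the fixed build listed above rather than trusting that yum ran. The script below is an added example, not part of the ALAS advisory or of Amazon's tooling: it re-implements librpm's rpmvercmp segment comparison in Python and runs it over constructed `rpm -qa` output (the sample package lines are made up; the fixed version-release 3.1.0-8.amzn2.0.11 is the advisory's). It compares version and release only, assuming the package epoch is unchanged across this update.

```python
import re

# Fixed build from the advisory's "New Packages" list: qemu-*-3.1.0-8.amzn2.0.11.
FIXED_VERSION, FIXED_RELEASE = "3.1.0", "8.amzn2.0.11"

# rpmvercmp compares runs of digits or letters; separators such as '.' are skipped.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version/release strings like librpm's rpmvercmp: -1, 0 or 1.
    Tilde/caret pre-release markers are omitted; the advisory's versions use none."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):           # numeric segments compare as integers
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1      # a numeric segment is newer than an alpha one
        elif x != y:
            return 1 if x > y else -1      # alpha segments compare as plain strings
    # All shared segments equal: the string with more segments left is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(version_release: str) -> bool:
    """True if an installed 'VERSION-RELEASE' is at or above the fixed build.
    Epoch is ignored: it is assumed identical on both sides of this update."""
    version, sep, release = version_release.rpartition("-")
    if not sep:                            # bare version with no release part
        version, release = version_release, ""
    by_version = rpmvercmp(version, FIXED_VERSION)
    if by_version != 0:
        return by_version > 0
    return rpmvercmp(release, FIXED_RELEASE) >= 0


# Input format: one "NAME VERSION-RELEASE" line per package, e.g. from
#   rpm -qa 'qemu*' --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
def audit(rpm_qa_output: str) -> dict:
    """Map each package name to whether its installed build is at the fixed one."""
    return {name: is_patched(vr)
            for name, vr in (line.split() for line in rpm_qa_output.splitlines() if line.strip())}


# Constructed sample (not from a real host): qemu-kvm lags one release behind the fix.
SAMPLE_RPM_QA = "qemu-kvm 3.1.0-8.amzn2.0.10\nqemu-img 3.1.0-8.amzn2.0.11\nqemu-common 3.1.0-9.amzn2.0.1\n"

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE_RPM_QA).items():
        print(f"{pkg}: {'patched' if ok else 'NOT patched, update required'}")
```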

Additional References

Red Hat: CVE-2021-3416, CVE-2023-0330, CVE-2023-2861

Mitre: CVE-2021-3416, CVE-2023-0330, CVE-2023-2861
