Lucene search
AmazonALAS2-2023-2207HistoryAug 17, 2023 - 11:58 a.m.
Medium: qemu
2023-08-1711:58:00
alas.aws.amazon.com
13
qemu
virtual crypto device
heap buffer overflow
data encryption
data decryption
virtio crypto handle
cve-2023-3180
amazon linux 2
yum update
Issue Overview:
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. (CVE-2023-3180)
Affected Packages:
qemu
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qemu to update your system.
New Packages:
aarch64:
qemu-3.1.0-8.amzn2.0.14.aarch64
qemu-common-3.1.0-8.amzn2.0.14.aarch64
qemu-guest-agent-3.1.0-8.amzn2.0.14.aarch64
qemu-img-3.1.0-8.amzn2.0.14.aarch64
ivshmem-tools-3.1.0-8.amzn2.0.14.aarch64
qemu-block-curl-3.1.0-8.amzn2.0.14.aarch64
qemu-block-dmg-3.1.0-8.amzn2.0.14.aarch64
qemu-block-iscsi-3.1.0-8.amzn2.0.14.aarch64
qemu-block-nfs-3.1.0-8.amzn2.0.14.aarch64
qemu-block-rbd-3.1.0-8.amzn2.0.14.aarch64
qemu-block-ssh-3.1.0-8.amzn2.0.14.aarch64
qemu-audio-alsa-3.1.0-8.amzn2.0.14.aarch64
qemu-audio-oss-3.1.0-8.amzn2.0.14.aarch64
qemu-audio-pa-3.1.0-8.amzn2.0.14.aarch64
qemu-audio-sdl-3.1.0-8.amzn2.0.14.aarch64
qemu-ui-curses-3.1.0-8.amzn2.0.14.aarch64
qemu-ui-gtk-3.1.0-8.amzn2.0.14.aarch64
qemu-ui-sdl-3.1.0-8.amzn2.0.14.aarch64
qemu-kvm-3.1.0-8.amzn2.0.14.aarch64
qemu-kvm-core-3.1.0-8.amzn2.0.14.aarch64
qemu-user-3.1.0-8.amzn2.0.14.aarch64
qemu-user-binfmt-3.1.0-8.amzn2.0.14.aarch64
qemu-user-static-3.1.0-8.amzn2.0.14.aarch64
qemu-system-aarch64-3.1.0-8.amzn2.0.14.aarch64
qemu-system-aarch64-core-3.1.0-8.amzn2.0.14.aarch64
qemu-system-x86-3.1.0-8.amzn2.0.14.aarch64
qemu-system-x86-core-3.1.0-8.amzn2.0.14.aarch64
qemu-debuginfo-3.1.0-8.amzn2.0.14.aarch64
i686:
qemu-3.1.0-8.amzn2.0.14.i686
qemu-common-3.1.0-8.amzn2.0.14.i686
qemu-guest-agent-3.1.0-8.amzn2.0.14.i686
qemu-img-3.1.0-8.amzn2.0.14.i686
ivshmem-tools-3.1.0-8.amzn2.0.14.i686
qemu-block-curl-3.1.0-8.amzn2.0.14.i686
qemu-block-dmg-3.1.0-8.amzn2.0.14.i686
qemu-block-iscsi-3.1.0-8.amzn2.0.14.i686
qemu-block-nfs-3.1.0-8.amzn2.0.14.i686
qemu-block-ssh-3.1.0-8.amzn2.0.14.i686
qemu-audio-alsa-3.1.0-8.amzn2.0.14.i686
qemu-audio-oss-3.1.0-8.amzn2.0.14.i686
qemu-audio-pa-3.1.0-8.amzn2.0.14.i686
qemu-audio-sdl-3.1.0-8.amzn2.0.14.i686
qemu-ui-curses-3.1.0-8.amzn2.0.14.i686
qemu-ui-gtk-3.1.0-8.amzn2.0.14.i686
qemu-ui-sdl-3.1.0-8.amzn2.0.14.i686
qemu-kvm-3.1.0-8.amzn2.0.14.i686
qemu-kvm-core-3.1.0-8.amzn2.0.14.i686
qemu-user-3.1.0-8.amzn2.0.14.i686
qemu-user-binfmt-3.1.0-8.amzn2.0.14.i686
qemu-user-static-3.1.0-8.amzn2.0.14.i686
qemu-system-aarch64-3.1.0-8.amzn2.0.14.i686
qemu-system-aarch64-core-3.1.0-8.amzn2.0.14.i686
qemu-system-x86-3.1.0-8.amzn2.0.14.i686
qemu-system-x86-core-3.1.0-8.amzn2.0.14.i686
qemu-debuginfo-3.1.0-8.amzn2.0.14.i686
src:
qemu-3.1.0-8.amzn2.0.14.src
x86_64:
qemu-3.1.0-8.amzn2.0.14.x86_64
qemu-common-3.1.0-8.amzn2.0.14.x86_64
qemu-guest-agent-3.1.0-8.amzn2.0.14.x86_64
qemu-img-3.1.0-8.amzn2.0.14.x86_64
ivshmem-tools-3.1.0-8.amzn2.0.14.x86_64
qemu-block-curl-3.1.0-8.amzn2.0.14.x86_64
qemu-block-dmg-3.1.0-8.amzn2.0.14.x86_64
qemu-block-iscsi-3.1.0-8.amzn2.0.14.x86_64
qemu-block-nfs-3.1.0-8.amzn2.0.14.x86_64
qemu-block-rbd-3.1.0-8.amzn2.0.14.x86_64
qemu-block-ssh-3.1.0-8.amzn2.0.14.x86_64
qemu-audio-alsa-3.1.0-8.amzn2.0.14.x86_64
qemu-audio-oss-3.1.0-8.amzn2.0.14.x86_64
qemu-audio-pa-3.1.0-8.amzn2.0.14.x86_64
qemu-audio-sdl-3.1.0-8.amzn2.0.14.x86_64
qemu-ui-curses-3.1.0-8.amzn2.0.14.x86_64
qemu-ui-gtk-3.1.0-8.amzn2.0.14.x86_64
qemu-ui-sdl-3.1.0-8.amzn2.0.14.x86_64
qemu-kvm-3.1.0-8.amzn2.0.14.x86_64
qemu-kvm-core-3.1.0-8.amzn2.0.14.x86_64
qemu-user-3.1.0-8.amzn2.0.14.x86_64
qemu-user-binfmt-3.1.0-8.amzn2.0.14.x86_64
qemu-user-static-3.1.0-8.amzn2.0.14.x86_64
qemu-system-aarch64-3.1.0-8.amzn2.0.14.x86_64
qemu-system-aarch64-core-3.1.0-8.amzn2.0.14.x86_64
qemu-system-x86-3.1.0-8.amzn2.0.14.x86_64
qemu-system-x86-core-3.1.0-8.amzn2.0.14.x86_64
qemu-debuginfo-3.1.0-8.amzn2.0.14.x86_64
Additional References
Red Hat: CVE-2023-3180
Mitre: CVE-2023-3180
Related
nessus
nessus
EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2023-3111)
2024-01-16 00:00:00
Amazon Linux 2 : qemu (ALAS-2023-2207)
2023-08-23 00:00:00
EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2023-3096)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3096)
2023-11-01 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3111)
2023-11-01 00:00:00
Huawei EulerOS: Security Advisory for qemu-micro (EulerOS-SA-2023-3228)
2023-11-10 00:00:00
veracode
veracode
Out-of-bounds Write
2023-08-13 13:35:26
prion
prion
Heap overflow
2023-08-03 15:15:00
cbl_mariner
cbl_mariner
CVE-2023-3180 affecting package qemu for versions less than 8.2.0-1
2024-03-19 17:21:46
redhatcve
redhatcve
CVE-2023-3180
2023-08-03 07:48:53
debiancve
debiancve
CVE-2023-3180
2023-08-03 15:15:29
ubuntucve
ubuntucve
CVE-2023-3180
2023-08-03 00:00:00
alpinelinux
alpinelinux
CVE-2023-3180
2023-08-03 15:15:29
cvelist
cvelist
CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()
2023-08-03 14:31:36
osv
osv
CVE-2023-3180
2023-08-03 15:15:29
qemu - security update
2023-10-05 00:00:00
qemu vulnerabilities
2024-01-08 17:46:08
cve
cve
CVE-2023-3180
2023-08-03 15:15:29
oraclelinux
oraclelinux
virt:kvm_utils1 security update
2024-02-12 00:00:00
qemu security update
2023-09-22 00:00:00
qemu security update
2023-09-22 00:00:00
debian
debian
[SECURITY] [DLA 3604-1] qemu security update
2023-10-05 16:14:21
fedora
fedora
[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38
2023-08-29 01:35:27
redos
redos
ROS-20240329-15
2024-03-29 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2024-01-08 00:00:00