Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4980.NASL
HistoryOct 04, 2021 - 12:00 a.m.

Debian DSA-4980-1 : qemu - security update

2021-10-0400:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

8.8 High

AI Score

Confidence

High

JSON

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4980 advisory.

  • Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user- gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. (CVE-2021-3544)

  • An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost- user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. (CVE-2021-3545)

  • A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3546)

  • A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. (CVE-2021-3682)

  • An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of- bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. (CVE-2021-3713)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-4980. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153865);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/29");

  script_cve_id(
    "CVE-2021-3544",
    "CVE-2021-3545",
    "CVE-2021-3546",
    "CVE-2021-3638",
    "CVE-2021-3682",
    "CVE-2021-3713",
    "CVE-2021-3748"
  );

  script_name(english:"Debian DSA-4980-1 : qemu - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-4980 advisory.

  - Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions
    up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-
    gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. (CVE-2021-3544)

  - An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of
    QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-
    user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit
    this issue to leak memory from the host. (CVE-2021-3545)

  - A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write
    vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of
    service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The
    highest threat from this vulnerability is to data confidentiality and integrity as well as system
    availability. (CVE-2021-3546)

  - A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs
    when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A
    malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata,
    resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the
    host. (CVE-2021-3682)

  - An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions
    prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-
    bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this
    flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the
    host. (CVE-2021-3713)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988174");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/qemu");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2021/dsa-4980");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3544");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3545");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3546");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3638");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3682");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3713");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3748");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/qemu");
  script_set_attribute(attribute:"solution", value:
"Upgrade the qemu packages.

For the stable distribution (bullseye), these problems have been fixed in version 1");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3748");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-3682");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-block-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-ppc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-sparc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-binfmt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('audit.inc');
include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(11)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'qemu', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-block-extra', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-guest-agent', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-arm', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-common', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-data', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-gui', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-mips', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-misc', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-ppc', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-sparc', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-system-x86', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-user', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-user-binfmt', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-user-static', 'reference': '1:5.2+dfsg-11+deb11u1'},
    {'release': '11.0', 'prefix': 'qemu-utils', 'reference': '1:5.2+dfsg-11+deb11u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-block-extra / qemu-guest-agent / qemu-system / etc');
}
VendorProductVersionCPE
debiandebian_linuxqemup-cpe:/a:debian:debian_linux:qemu
debiandebian_linuxqemu-block-extrap-cpe:/a:debian:debian_linux:qemu-block-extra
debiandebian_linuxqemu-guest-agentp-cpe:/a:debian:debian_linux:qemu-guest-agent
debiandebian_linuxqemu-systemp-cpe:/a:debian:debian_linux:qemu-system
debiandebian_linuxqemu-system-armp-cpe:/a:debian:debian_linux:qemu-system-arm
debiandebian_linuxqemu-system-commonp-cpe:/a:debian:debian_linux:qemu-system-common
debiandebian_linuxqemu-system-datap-cpe:/a:debian:debian_linux:qemu-system-data
debiandebian_linuxqemu-system-guip-cpe:/a:debian:debian_linux:qemu-system-gui
debiandebian_linuxqemu-system-mipsp-cpe:/a:debian:debian_linux:qemu-system-mips
debiandebian_linuxqemu-system-miscp-cpe:/a:debian:debian_linux:qemu-system-misc
Rows per page:
1-10 of 181

References

Related

osv 16
debian 4
nessus 83
suse 8
ubuntu 4
ubuntucve 8
cbl_mariner 11
debiancve 8
alpinelinux 6
veracode 5
oraclelinux 12
redhatcve 8
cve 8
prion 8
redhat 2
fedora 2
f5 1
redos 1
gentoo 1
rapid7blog 2
altlinux 1
osv
osv
qemu - security update
2021-10-03 00:00:00
qemu vulnerabilities
2022-02-28 13:03:07
CVE-2021-3713
2021-08-25 19:15:15
debian
debian
[SECURITY] [DSA 4980-1] qemu security update
2021-10-03 18:26:45
[SECURITY] [DLA 2753-1] qemu security update
2021-09-02 18:40:09
[SECURITY] [DLA 2970-1] qemu security update
2022-04-04 13:21:47
nessus
nessus
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:2213-1)
2021-07-01 00:00:00
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:2212-1)
2021-07-01 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-5307-1)
2022-02-28 00:00:00
suse
suse
Security update for qemu (moderate)
2021-07-10 00:00:00
Security update for qemu (important)
2021-11-08 00:00:00
Security update for qemu (important)
2021-11-03 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2022-02-28 00:00:00
QEMU vulnerabilities
2021-07-15 00:00:00
QEMU vulnerabilities
2022-12-12 00:00:00
ubuntucve
ubuntucve
CVE-2021-3545
2021-06-02 00:00:00
CVE-2021-3546
2021-06-02 00:00:00
CVE-2021-3713
2021-08-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3713 affecting package qemu 6.1.0-14
2022-06-03 17:54:21
CVE-2021-3682 affecting package qemu 6.1.0-14
2022-06-03 17:54:21
CVE-2021-3682 affecting package qemu-kvm 4.2.0-48
2021-08-17 15:27:57
debiancve
debiancve
CVE-2021-3713
2021-08-25 19:15:00
CVE-2021-3682
2021-08-05 20:15:00
CVE-2021-3748
2022-03-23 20:15:00
alpinelinux
alpinelinux
CVE-2021-3713
2021-08-25 19:15:00
CVE-2021-3682
2021-08-05 20:15:00
CVE-2021-3748
2022-03-23 20:15:00
veracode
veracode
Denial Of Service
2021-08-31 21:44:02
Denial Of Service (DoS)
2021-10-01 06:29:02
Denial Of Service (DoS)
2021-10-01 04:59:17
oraclelinux
oraclelinux
qemu security update
2021-08-17 00:00:00
olcne security update
2022-06-17 00:00:00
olcne security update
2022-06-16 00:00:00
redhatcve
redhatcve
CVE-2021-3682
2021-08-04 18:56:06
CVE-2021-3713
2021-08-17 17:45:07
CVE-2021-3748
2021-08-30 11:14:20
cve
cve
CVE-2021-3682
2021-08-05 20:15:00
CVE-2021-3713
2021-08-25 19:15:00
CVE-2021-3748
2022-03-23 20:15:00
prion
prion
Out-of-bounds
2021-08-25 19:15:00
Design/Logic Flaw
2022-03-03 23:15:00
Design/Logic Flaw
2022-03-23 20:15:00
redhat
redhat
(RHSA-2021:4112) Moderate: virt:av and virt-devel:av security and bug fix update
2021-11-03 08:25:05
(RHSA-2021:5036) Moderate: virt:8.2 and virt-devel:8.2 security update
2021-12-08 18:36:58
fedora
fedora
[SECURITY] Fedora 36 Update: qemu-6.2.0-17.fc36
2023-01-19 13:15:08
[SECURITY] Fedora 37 Update: qemu-7.0.0-12.fc37
2022-12-14 02:01:51
f5
f5
K63714476 : Linux kernel vulnerabilities CVE-2022-26353 and CVE-2021-3748
2022-04-19 00:00:00
redos
redos
ROS-20220125-17
2022-01-25 00:00:00
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2022-08-14 00:00:00
rapid7blog
rapid7blog
CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)
2021-09-07 13:00:00
Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors
2022-01-05 18:52:41
altlinux
altlinux
Security fix for the ALT Linux 10 package qemu version 6.1.1-alt1
2022-03-01 00:00:00

8.8 High

AI Score

Confidence

High

JSON
Related for DEBIAN_DSA-4980.NASL
osv16debian4nessus83suse8ubuntu4ubuntucve8cbl_mariner11debiancve8alpinelinux6veracode5oraclelinux12redhatcve8cve8prion8redhat2fedora2f51redos1gentoo1rapid7blog2altlinux1