Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-3800-1.NASLHistorySep 28, 2023 - 12:00 a.m.
SUSE SLES15 Security Update : qemu (SUSE-SU-2023:3800-1)
2023-09-2800:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
suse
sles15
qemu
multiple vulnerabilities
policy enforcement
usb ehci controller
dma reentrancy
nvme emulation
vmware
lsi53c895a device
stack overflow
nic emulators
vnc server
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3800-1 advisory.
-
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2019-13754)
-
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller’s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. (CVE-2021-3750)
-
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. (CVE-2021-3929)
-
A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. (CVE-2022-1050)
-
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Affected QEMU versions <= 6.2.0. (CVE-2022-26354) -
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. (CVE-2023-0330)
-
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. (CVE-2021-3416) (CVE-2023-2861)
-
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of
src_lenanddst_lenin virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
(CVE-2023-3180) -
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. (CVE-2023-3354)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:3800-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(182125);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");
script_cve_id(
"CVE-2019-13754",
"CVE-2021-3750",
"CVE-2021-3929",
"CVE-2022-1050",
"CVE-2022-26354",
"CVE-2023-0330",
"CVE-2023-2861",
"CVE-2023-3180",
"CVE-2023-3354"
);
script_xref(name:"IAVB", value:"2023-B-0019-S");
script_xref(name:"SuSE", value:"SUSE-SU-2023:3800-1");
script_xref(name:"IAVB", value:"2022-B-0057-S");
script_xref(name:"IAVB", value:"2023-B-0058-S");
script_xref(name:"IAVB", value:"2023-B-0073-S");
script_name(english:"SUSE SLES15 Security Update : qemu (SUSE-SU-2023:3800-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:3800-1 advisory.
- Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote
attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2019-13754)
- A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the
Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be
written to the controller's registers and trigger undesirable actions (such as reset) while the device is
still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could
use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or
potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects
QEMU versions before 7.0.0. (CVE-2021-3750)
- A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is
similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function
nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could
use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or,
potentially, executing arbitrary code within the context of the QEMU process on the host. (CVE-2021-3929)
- A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a
crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading
to a use-after-free condition. (CVE-2022-1050)
- A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached
from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Affected QEMU versions <= 6.2.0. (CVE-2022-26354)
- A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem
may lead to memory corruption bugs like stack overflow or use-after-free. (CVE-2023-0330)
- A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions
up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get
bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the
host resulting in DoS scenario. (CVE-2021-3416) (CVE-2023-2861)
- A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in
virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in
virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
(CVE-2023-3180)
- A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks
whether the current number of connections crosses a certain threshold and if so, cleans up the previous
connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the
connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated
client to cause a denial of service. (CVE-2023-3354)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172382");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190011");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1193880");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197653");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198712");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1207205");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212850");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213925");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215311");
# https://lists.suse.com/pipermail/sle-security-updates/2023-September/016339.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0efa89e9");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-13754");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3750");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3929");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1050");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-26354");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-0330");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2861");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3180");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3354");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1050");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2023/09/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ipxe");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-seabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-sgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-vgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP1", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-audio-alsa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-audio-oss-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-audio-pa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-ipxe-1.0.0+-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-kvm-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-seabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-sgabios-8-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-ui-curses-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-ui-gtk-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-vgabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-x86-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-arm-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-audio-alsa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-audio-oss-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-audio-pa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-ipxe-1.0.0+-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-kvm-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-seabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-sgabios-8-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'qemu-ui-curses-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-ui-gtk-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-vgabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-x86-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-kvm-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-s390-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-arm / qemu-audio-alsa / qemu-audio-oss / qemu-audio-pa / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | qemu | p-cpe:/a:novell:suse_linux:qemu |
| novell | suse_linux | qemu-arm | p-cpe:/a:novell:suse_linux:qemu-arm |
| novell | suse_linux | qemu-audio-alsa | p-cpe:/a:novell:suse_linux:qemu-audio-alsa |
| novell | suse_linux | qemu-audio-oss | p-cpe:/a:novell:suse_linux:qemu-audio-oss |
| novell | suse_linux | qemu-audio-pa | p-cpe:/a:novell:suse_linux:qemu-audio-pa |
| novell | suse_linux | qemu-block-curl | p-cpe:/a:novell:suse_linux:qemu-block-curl |
| novell | suse_linux | qemu-block-iscsi | p-cpe:/a:novell:suse_linux:qemu-block-iscsi |
| novell | suse_linux | qemu-block-rbd | p-cpe:/a:novell:suse_linux:qemu-block-rbd |
| novell | suse_linux | qemu-block-ssh | p-cpe:/a:novell:suse_linux:qemu-block-ssh |
| novell | suse_linux | qemu-guest-agent | p-cpe:/a:novell:suse_linux:qemu-guest-agent |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0330
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3354
www.nessus.org/u?0efa89e9
bugzilla.suse.com/1172382
bugzilla.suse.com/1190011
bugzilla.suse.com/1193880
bugzilla.suse.com/1197653
bugzilla.suse.com/1198712
bugzilla.suse.com/1207205
bugzilla.suse.com/1212850
bugzilla.suse.com/1212968
bugzilla.suse.com/1213925
bugzilla.suse.com/1215311
www.suse.com/security/cve/CVE-2019-13754
www.suse.com/security/cve/CVE-2021-3750
www.suse.com/security/cve/CVE-2021-3929
www.suse.com/security/cve/CVE-2022-1050
www.suse.com/security/cve/CVE-2022-26354
www.suse.com/security/cve/CVE-2023-0330
www.suse.com/security/cve/CVE-2023-2861
www.suse.com/security/cve/CVE-2023-3180
www.suse.com/security/cve/CVE-2023-3354
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3800-1)
2023-09-28 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2023:3721-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3721-1)
2023-09-22 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2023:3721-1)
2023-09-22 00:00:00
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2887)
2024-01-16 00:00:00
Amazon Linux 2 : qemu (ALAS-2023-2148)
2023-07-20 00:00:00
amazon
amazon
Medium: qemu
2023-07-17 17:40:00
prion
prion
Design/Logic Flaw
2022-08-25 20:15:00
Design/Logic Flaw
2019-12-10 22:15:00
Design/Logic Flaw
2022-03-16 15:15:00
cve
cve
debiancve
debiancve
ubuntucve
ubuntucve
cvelist
cvelist
nvd
nvd
osv
osv
CVE-2021-3929
2022-08-25 20:15:09
qemu - security update
2024-03-11 00:00:00
qemu - security update
2023-10-05 00:00:00
redhatcve
redhatcve
debian
debian
[SECURITY] [DLA 3759-1] qemu security update
2024-03-11 17:27:07
[SECURITY] [DLA 3604-1] qemu security update
2023-10-05 16:13:52
oraclelinux
oraclelinux
virt:kvm_utils1 security update
2024-02-12 00:00:00
qemu security update
2023-09-22 00:00:00
qemu security update
2023-09-22 00:00:00
redhat
redhat
(RHSA-2024:0404) Important: virt:rhel and virt-devel:rhel security update
2024-01-24 14:40:17
(RHSA-2023:5094) Important: qemu-kvm security and bug fix update
2023-09-12 07:46:21
(RHSA-2023:6227) Important: qemu-kvm security update
2023-11-01 08:58:37
veracode
veracode
Out Of Bound Reads
2022-04-09 08:42:10
Remote Code Execution (RCE)
2022-04-26 21:47:02
Denial Of Service (DoS)
2021-03-18 00:31:46
f5
f5
K50401227 : Linux kernel vulnerability CVE-2022-26354
2022-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38
2023-08-29 01:35:27
[SECURITY] Fedora 36 Update: qemu-6.2.0-15.fc36
2022-09-23 01:21:49
ubuntu
ubuntu
QEMU vulnerabilities
2023-06-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-26354 affecting package qemu for versions less than 6.2.0-18
2024-03-19 17:21:46
CVE-2021-3929 affecting package qemu for versions less than 6.2.0-13
2023-01-17 16:47:04
CVE-2022-26354 affecting package qemu for versions less than 6.2.0-2
2022-06-03 17:54:21
cnvd
cnvd
QEMU Denial of Service Vulnerability (CNVD-2022-84161)
2022-03-18 00:00:00
QEMU Resource Management Error Vulnerability (CNVD-2022-84160)
2022-05-07 00:00:00
alpinelinux
alpinelinux
githubexploit
githubexploit
Exploit for Use After Free in Qemu
2022-05-13 05:33:28
redos
redos
ROS-20230825-05
2023-08-25 00:00:00
ROS-20240329-15
2024-03-29 00:00:00
almalinux
almalinux
Important: qemu-kvm security and bug fix update
2023-09-12 00:00:00
vulnrichment
vulnrichment
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
2023-12-06 06:19:40
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%
Related for SUSE_SU-2023-3800-1.NASL