Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-3800-1.NASL
HistorySep 28, 2023 - 12:00 a.m.

SUSE SLES15 Security Update : qemu (SUSE-SU-2023:3800-1)

2023-09-2800:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
suse
sles15
qemu
multiple vulnerabilities
policy enforcement
usb ehci controller
dma reentrancy
nvme emulation
vmware
lsi53c895a device
stack overflow
nic emulators
vnc server

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3800-1 advisory.

  • Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2019-13754)

  • A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller’s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. (CVE-2021-3750)

  • A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. (CVE-2021-3929)

  • A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. (CVE-2022-1050)

  • A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
    Affected QEMU versions <= 6.2.0. (CVE-2022-26354)

  • A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. (CVE-2023-0330)

  • A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. (CVE-2021-3416) (CVE-2023-2861)

  • A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
    (CVE-2023-3180)

  • A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. (CVE-2023-3354)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:3800-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(182125);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");

  script_cve_id(
    "CVE-2019-13754",
    "CVE-2021-3750",
    "CVE-2021-3929",
    "CVE-2022-1050",
    "CVE-2022-26354",
    "CVE-2023-0330",
    "CVE-2023-2861",
    "CVE-2023-3180",
    "CVE-2023-3354"
  );
  script_xref(name:"IAVB", value:"2023-B-0019-S");
  script_xref(name:"SuSE", value:"SUSE-SU-2023:3800-1");
  script_xref(name:"IAVB", value:"2022-B-0057-S");
  script_xref(name:"IAVB", value:"2023-B-0058-S");
  script_xref(name:"IAVB", value:"2023-B-0073-S");

  script_name(english:"SUSE SLES15 Security Update : qemu (SUSE-SU-2023:3800-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:3800-1 advisory.

  - Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote
    attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2019-13754)

  - A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the
    Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be
    written to the controller's registers and trigger undesirable actions (such as reset) while the device is
    still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could
    use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or
    potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects
    QEMU versions before 7.0.0. (CVE-2021-3750)

  - A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is
    similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function
    nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could
    use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or,
    potentially, executing arbitrary code within the context of the QEMU process on the host. (CVE-2021-3929)

  - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a
    crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading
    to a use-after-free condition. (CVE-2022-1050)

  - A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached
    from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
    Affected QEMU versions <= 6.2.0. (CVE-2022-26354)

  - A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem
    may lead to memory corruption bugs like stack overflow or use-after-free. (CVE-2023-0330)

  - A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions
    up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get
    bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the
    host resulting in DoS scenario. (CVE-2021-3416) (CVE-2023-2861)

  - A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in
    virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in
    virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
    (CVE-2023-3180)

  - A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks
    whether the current number of connections crosses a certain threshold and if so, cleans up the previous
    connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the
    connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated
    client to cause a denial of service. (CVE-2023-3354)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172382");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190011");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1193880");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197653");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198712");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1207205");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212850");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212968");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213925");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215311");
  # https://lists.suse.com/pipermail/sle-security-updates/2023-September/016339.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0efa89e9");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-13754");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3750");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3929");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1050");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-26354");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-0330");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2861");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3180");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3354");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1050");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ipxe");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-seabios");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-sgabios");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-vgabios");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP1", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-audio-alsa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-audio-oss-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-audio-pa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-ipxe-1.0.0+-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-kvm-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-seabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-sgabios-8-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-ui-curses-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-ui-gtk-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-vgabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-x86-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-arm-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-audio-alsa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-audio-oss-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-audio-pa-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-ipxe-1.0.0+-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-kvm-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-seabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-sgabios-8-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'qemu-ui-curses-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-ui-gtk-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-vgabios-1.12.0_0_ga698c89-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-x86-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'qemu-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-block-curl-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-block-iscsi-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-block-rbd-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-block-ssh-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-guest-agent-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-kvm-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-lang-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-s390-3.1.1.1-150100.80.51.5', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'qemu-tools-3.1.1.1-150100.80.51.5', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-arm / qemu-audio-alsa / qemu-audio-oss / qemu-audio-pa / etc');
}
VendorProductVersionCPE
novellsuse_linuxqemup-cpe:/a:novell:suse_linux:qemu
novellsuse_linuxqemu-armp-cpe:/a:novell:suse_linux:qemu-arm
novellsuse_linuxqemu-audio-alsap-cpe:/a:novell:suse_linux:qemu-audio-alsa
novellsuse_linuxqemu-audio-ossp-cpe:/a:novell:suse_linux:qemu-audio-oss
novellsuse_linuxqemu-audio-pap-cpe:/a:novell:suse_linux:qemu-audio-pa
novellsuse_linuxqemu-block-curlp-cpe:/a:novell:suse_linux:qemu-block-curl
novellsuse_linuxqemu-block-iscsip-cpe:/a:novell:suse_linux:qemu-block-iscsi
novellsuse_linuxqemu-block-rbdp-cpe:/a:novell:suse_linux:qemu-block-rbd
novellsuse_linuxqemu-block-sshp-cpe:/a:novell:suse_linux:qemu-block-ssh
novellsuse_linuxqemu-guest-agentp-cpe:/a:novell:suse_linux:qemu-guest-agent
Rows per page:
1-10 of 231

References

Related

openvas 35
nessus 49
amazon 1
redhatcve 8
cvelist 8
ubuntucve 7
cve 8
debiancve 8
prion 9
nvd 8
osv 10
debian 2
oraclelinux 5
redhat 3
fedora 2
cnvd 2
alpinelinux 6
ubuntu 1
f5 1
veracode 7
cbl_mariner 15
githubexploit 1
redos 1
almalinux 1
vulnrichment 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3800-1)
2023-09-28 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2023:3721-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3721-1)
2023-09-22 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2023:3721-1)
2023-09-22 00:00:00
EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2023-2929)
2024-01-16 00:00:00
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2887)
2024-01-16 00:00:00
amazon
amazon
Medium: qemu
2023-07-17 17:40:00
redhatcve
redhatcve
CVE-2021-3929
2021-12-16 18:19:38
CVE-2019-13754
2019-12-11 01:22:38
CVE-2022-26354
2022-03-11 16:45:36
cvelist
cvelist
CVE-2021-3929
2022-08-25 19:36:36
CVE-2022-26354
2022-03-16 14:02:34
CVE-2019-13754
2019-12-10 21:01:53
ubuntucve
ubuntucve
CVE-2021-3929
2021-12-24 00:00:00
CVE-2019-13754
2019-12-10 00:00:00
CVE-2022-26354
2022-03-16 00:00:00
cve
cve
CVE-2021-3929
2022-08-25 20:15:09
CVE-2019-13754
2019-12-10 22:15:15
CVE-2022-26354
2022-03-16 15:15:16
debiancve
debiancve
CVE-2021-3929
2022-08-25 20:15:09
CVE-2022-26354
2022-03-16 15:15:16
CVE-2019-13754
2019-12-10 22:15:15
prion
prion
Design/Logic Flaw
2022-08-25 20:15:00
Design/Logic Flaw
2019-12-10 22:15:00
Design/Logic Flaw
2022-03-16 15:15:00
nvd
nvd
CVE-2021-3929
2022-08-25 20:15:09
CVE-2019-13754
2019-12-10 22:15:15
CVE-2022-26354
2022-03-16 15:15:16
osv
osv
CVE-2021-3929
2022-08-25 20:15:09
qemu - security update
2024-03-11 00:00:00
qemu - security update
2023-10-05 00:00:00
debian
debian
[SECURITY] [DLA 3759-1] qemu security update
2024-03-11 17:27:07
[SECURITY] [DLA 3604-1] qemu security update
2023-10-05 16:13:52
oraclelinux
oraclelinux
qemu security update
2023-09-22 00:00:00
qemu security update
2023-09-22 00:00:00
virt:kvm_utils1 security update
2024-02-12 00:00:00
redhat
redhat
(RHSA-2024:0404) Important: virt:rhel and virt-devel:rhel security update
2024-01-24 14:40:17
(RHSA-2023:6227) Important: qemu-kvm security update
2023-11-01 08:58:37
(RHSA-2023:5094) Important: qemu-kvm security and bug fix update
2023-09-12 07:46:21
fedora
fedora
[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38
2023-08-29 01:35:27
[SECURITY] Fedora 36 Update: qemu-6.2.0-15.fc36
2022-09-23 01:21:49
cnvd
cnvd
QEMU Denial of Service Vulnerability (CNVD-2022-84161)
2022-03-18 00:00:00
QEMU Resource Management Error Vulnerability (CNVD-2022-84160)
2022-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2022-26354
2022-03-16 15:15:00
CVE-2023-2861
2023-12-06 07:15:41
CVE-2023-3354
2023-07-11 17:15:13
ubuntu
ubuntu
QEMU vulnerabilities
2023-06-19 00:00:00
f5
f5
K50401227 : Linux kernel vulnerability CVE-2022-26354
2022-04-19 00:00:00
veracode
veracode
Out Of Bound Reads
2022-04-09 08:42:10
Remote Code Execution (RCE)
2022-04-26 21:47:02
Denial Of Service (DoS)
2023-08-13 19:55:03
cbl_mariner
cbl_mariner
CVE-2022-26354 affecting package qemu for versions less than 6.2.0-2
2022-06-03 17:54:21
CVE-2022-26354 affecting package qemu-kvm 4.2.0-44
2023-01-12 20:55:00
CVE-2022-26354 affecting package qemu for versions less than 6.2.0-18
2024-03-19 17:21:46
githubexploit
githubexploit
Exploit for Use After Free in Qemu
2022-05-13 05:33:28
redos
redos
ROS-20230825-05
2023-08-25 00:00:00
almalinux
almalinux
Important: qemu-kvm security and bug fix update
2023-09-12 00:00:00
vulnrichment
vulnrichment
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
2023-12-06 06:19:40

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON
Related for SUSE_SU-2023-3800-1.NASL
openvas35nessus49amazon1redhatcve8cvelist8ubuntucve7cve8debiancve8prion9nvd8osv10debian2oraclelinux5redhat3fedora2cnvd2alpinelinux6ubuntu1f51veracode7cbl_mariner15githubexploit1redos1almalinux1vulnrichment1