Oracle Linux: ELSA-2024-12152
Feb 12, 2024 - 12:00 a.m.

virt:kvm_utils1 security update

2024-02-12 00:00:00
linux.oracle.com
Tags: virtualization, security update, defensive protection, pcie speed, null check, buffer length verification, reentrancy issues, atomic memslot, accelerator blocker, lsi controller, pcie link state

CVSS3: 6.5 Medium

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score: 7.1 High (Confidence: Low)

CVSS2: 1.7 Low

  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

  AV:L/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.0004 Low (Percentile: 5.2%)

hivex
libguestfs
libguestfs-winsupport
libiscsi
libnbd

libvirt
[5.7.0-41]

  • qemu_monitor: Add defensive protection on mon->msg (Wim ten Have) [Orabug: 35699260]
  • vircpi: Add PCIe 5.0 and 6.0 link speeds (Michal Privoznik) [Orabug: 35496776]
  • qemuProcessSetupVcpusVnuma: add NULL check for def->cpu (Shaleen Bathla) [Orabug: 35332038]

libvirt-dbus

libvirt-python
[5.7.0-41]

  • Bump version number to 5.7.0-41 to match libvirt (Karl Heubaum)

nbdkit
netcf
perl-Sys-Virt

qemu-kvm
[4.2.1-28]

  • virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35724113] {CVE-2023-3180}
  • hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35724112] {CVE-2023-0330}
  • kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35719844]
  • KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35719844]
  • accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35719844]
  • KVM: Use a big lock to replace per-kml slots_lock (Peter Xu) [Orabug: 35719844]
  • pcie: don’t set link state active if the slot is empty (Laurent Vivier) [Orabug: 35707933]
  • vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug: 35662850] {CVE-2023-3301}

seabios
sgabios
supermin
