Lucene search
OracleLinuxELSA-2024-12435HistoryJun 13, 2024 - 12:00 a.m.
virt:kvm_utils1 security update
2024-06-1300:00:00
linux.oracle.com
kvm
security update
cve fixes
version upgrade
libvirt
qemu-kvm
hivex
libguestfs
libiscsi
libnbd
libvirt-dbus
libvirt-python
nbdkit
netcf
perl-sys-virt
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.3%
hivex
libguestfs
libguestfs-winsupport
libiscsi
libnbd
libvirt
[5.7.0-42]
- Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700}
- Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441}
- libvirt-
: Check caller-provided buffers to be NULL with size > 0 (Erik Skultety) [Orabug: 36364474]
libvirt-dbus
libvirt-python
[5.7.0-42] - Bump version number to 5.7.0-42 to match libvirt (Karl Heubaum)
nbdkit
netcf
perl-Sys-Virt
qemu-kvm
[4.2.1-34] - multifd: fix the multifd initialization (Elena Ufimtseva) [Orabug: 36598610]
- hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36604206]
- scsi: make io_timeout configurable (Hannes Reinecke) [Orabug: 36604206]
- target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607762]
[4.2.1-32] - Document CVEs as fixed (Mark Kanda) [Orabug: 36455470] [Orabug: 36455480] [Orabug: 36455529] [Orabug: 36455489] [Orabug: 36455500] [Orabug: 36455512] [Orabug: 36455520] {CVE-2023-4135} {CVE-2023-3255} {CVE-2023-6683} {CVE-2023-40360} {CVE-2023-42467} {CVE-2024-26327} {CVE-2024-24474}
- hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35250119] {CVE-2023-1544}
- hw/pflash_cfi01: allow smaller backing devices in postload_update_cb() (Mark Kanda) [Orabug: 36378764]
- hw/block/pflash: Check return value of blk_pwrite() (Mansour Ahmadi) [Orabug: 36378764]
- net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019}
- net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019}
- lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 36425307] {CVE-2021-3750}
- memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- util/async: add a human-readable name to BHs for debugging (Stefan Hajnoczi) [Orabug: 36425307] {CVE-2021-3750}
- io: remove io watch if TLS channel is closed during handshake (Daniel Berrange) [Orabug: 35595204] {CVE-2023-3354}
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088}
- hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088}
- accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025) (Alex Bennee) [Orabug: 36327651] {CVE-2020-24165}
- physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35886091]
- qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091]
- qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091]
- qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- aio_wait_kick: add missing memory barrier (Emanuele Giuseppe Esposito) [Orabug: 35886091]
- hw/smbios: Fix core count in type4 (Zhao Liu) [Orabug: 35876036]
- hw/smbios: Fix thread count in type4 (Zhao Liu) [Orabug: 35876036]
- hw/smbios: Fix smbios_smp_sockets caculation (Zhao Liu) [Orabug: 35876036]
- machine: Add helpers to get cores/threads per socket (Zhao Liu) [Orabug: 35876036]
- machine: move dies from X86MachineState to CpuTopology (Paolo Bonzini) [Orabug: 35876036]
- machine: move SMP initialization from vl.c (Paolo Bonzini) [Orabug: 35876036]
- machine: move UP defaults to class_base_init (Paolo Bonzini) [Orabug: 35876036]
- virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35724113] {CVE-2023-3180}
- hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35724112] {CVE-2023-0330}
seabios
sgabios
supermin
Related
ubuntucve
ubuntucve
CVE-2024-1441
2024-03-11 00:00:00
CVE-2023-2700
2023-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: libvirt-9.7.0-3.fc39
2024-03-20 02:04:54
[SECURITY] Fedora 38 Update: libvirt-9.0.0-5.fc38
2024-03-28 01:43:49
[SECURITY] Fedora 38 Update: libvirt-9.0.0-4.fc38
2024-02-11 05:39:44
cbl_mariner
cbl_mariner
CVE-2024-1441 affecting package libvirt for versions less than 7.10.0-8
2024-04-09 20:48:36
CVE-2023-2700 affecting package libvirt for versions less than 7.10.0-5
2023-06-14 23:53:35
CVE-2023-2700 affecting package libvirt for versions less than 7.10.0-5
2024-03-19 17:21:46
openvas
openvas
Fedora: Security Advisory for libvirt (FEDORA-2024-1a59230214)
2024-03-28 00:00:00
Fedora: Security Advisory for libvirt (FEDORA-2024-d96cdeb8ec)
2024-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1005-1)
2024-05-07 00:00:00
cvelist
cvelist
CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus()
2024-03-11 13:37:54
CVE-2023-2700
2023-05-15 00:00:00
redhatcve
redhatcve
CVE-2024-1441
2024-03-11 10:10:13
CVE-2023-2700
2023-05-15 04:22:02
cve
cve
CVE-2024-1441
2024-03-11 14:15:06
CVE-2023-2700
2023-05-15 22:15:12
oraclelinux
oraclelinux
libvirt security update
2024-06-03 00:00:00
libvirt security update
2023-06-22 00:00:00
kvm_utils2 security update
2023-10-19 00:00:00
debiancve
debiancve
CVE-2024-1441
2024-03-11 14:15:06
CVE-2023-2700
2023-05-15 22:15:12
prion
prion
Design/Logic Flaw
2024-03-11 14:15:00
Design/Logic Flaw
2023-05-15 22:15:00
veracode
veracode
Off-by-one Error
2024-03-14 06:36:18
Denial Of Service (DoS)
2023-10-09 11:10:28
nvd
nvd
CVE-2024-1441
2024-03-11 14:15:06
CVE-2023-2700
2023-05-15 22:15:12
nessus
nessus
Oracle Linux 9 : libvirt (ELSA-2024-12406)
2024-06-04 00:00:00
AlmaLinux 9 : libvirt (ALSA-2023:3715)
2023-06-26 00:00:00
githubexploit
githubexploit
Exploit for CVE-2024-1441
2024-04-16 07:14:33
redos
redos
ROS-20240415-02
2024-04-15 00:00:00
rocky
rocky
libvirt security update
2023-08-31 16:55:40
virt:rhel and virt-devel:rhel security and bug fix update
2023-08-31 16:54:34
libvirt security and bug fix update
2024-05-10 14:32:38
almalinux
almalinux
Moderate: virt:rhel and virt-devel:rhel security and bug fix update
2023-06-27 00:00:00
Moderate: libvirt security update
2023-06-21 00:00:00
Moderate: libvirt security and bug fix update
2024-04-30 00:00:00
redhat
redhat
(RHSA-2023:4799) Moderate: virt:rhel and virt-devel:rhel security and bug fix update
2023-08-29 07:22:43
(RHSA-2023:3822) Moderate: virt:rhel and virt-devel:rhel security and bug fix update
2023-06-27 13:35:33
(RHSA-2023:3715) Moderate: libvirt security update
2023-06-21 13:52:09
osv
osv
Moderate: libvirt security update
2023-08-31 16:55:40
Moderate: virt:rhel and virt-devel:rhel security and bug fix update
2023-08-31 16:54:34
Moderate: libvirt security update
2023-06-21 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0286
2024-06-07 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0625
2024-06-07 00:00:00
Moderate Photon OS Security Update - PHSA-2023-5.0-0023
2023-06-09 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2024-04-29 00:00:00
libvirt vulnerabilities
2023-05-31 00:00:00
libvirt vulnerabilities
2024-04-15 00:00:00
amazon
amazon
Medium: libvirt
2024-04-11 01:07:00
debian
debian
[SECURITY] [DLA 3778-1] libvirt security update
2024-04-01 12:19:02
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.3%
Related for ELSA-2024-12435