Lucene search

K
osvGoogleOSV:RLSA-2021:5238
HistoryDec 21, 2021 - 9:11 a.m.

Low: virt:rhel and virt-devel:rhel security update

2021-12-2109:11:21
Google
osv.dev
15
kvm virtualization
virt:rocky linux
kvm security
qemu off-by-one error
e1000 infinite loop

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

14.2%

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (CVE-2021-3930)

  • QEMU: net: e1000: infinite loop while processing transmit descriptors (CVE-2021-20257)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.