CVSS3: 8.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.6 High
Confidence: High

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 39.8%

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757)
Security Fix(es):
QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)
QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)
QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)
QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
bugzilla.redhat.com/show_bug.cgi?id=1477099
bugzilla.redhat.com/show_bug.cgi?id=1708300
bugzilla.redhat.com/show_bug.cgi?id=1879437
bugzilla.redhat.com/show_bug.cgi?id=1904267
bugzilla.redhat.com/show_bug.cgi?id=1951118
bugzilla.redhat.com/show_bug.cgi?id=1968509
bugzilla.redhat.com/show_bug.cgi?id=1973784
bugzilla.redhat.com/show_bug.cgi?id=1982600
bugzilla.redhat.com/show_bug.cgi?id=1995710
bugzilla.redhat.com/show_bug.cgi?id=1999073
bugzilla.redhat.com/show_bug.cgi?id=2020993
bugzilla.redhat.com/show_bug.cgi?id=2023977
bugzilla.redhat.com/show_bug.cgi?id=2026955
bugzilla.redhat.com/show_bug.cgi?id=2035002
bugzilla.redhat.com/show_bug.cgi?id=2037612
bugzilla.redhat.com/show_bug.cgi?id=2041823
bugzilla.redhat.com/show_bug.cgi?id=2044162
bugzilla.redhat.com/show_bug.cgi?id=2046029
bugzilla.redhat.com/show_bug.cgi?id=2060839
bugzilla.redhat.com/show_bug.cgi?id=2062809
bugzilla.redhat.com/show_bug.cgi?id=2062813
bugzilla.redhat.com/show_bug.cgi?id=2062817
bugzilla.redhat.com/show_bug.cgi?id=2062819
bugzilla.redhat.com/show_bug.cgi?id=2062828
bugzilla.redhat.com/show_bug.cgi?id=2064500
bugzilla.redhat.com/show_bug.cgi?id=2064530
bugzilla.redhat.com/show_bug.cgi?id=2064757
bugzilla.redhat.com/show_bug.cgi?id=2064771
bugzilla.redhat.com/show_bug.cgi?id=2064782
bugzilla.redhat.com/show_bug.cgi?id=2065398
bugzilla.redhat.com/show_bug.cgi?id=2066824
bugzilla.redhat.com/show_bug.cgi?id=2070804
bugzilla.redhat.com/show_bug.cgi?id=2072379
bugzilla.redhat.com/show_bug.cgi?id=2079347
bugzilla.redhat.com/show_bug.cgi?id=2079938
bugzilla.redhat.com/show_bug.cgi?id=2081022
bugzilla.redhat.com/show_bug.cgi?id=2086262
bugzilla.redhat.com/show_bug.cgi?id=2094252
bugzilla.redhat.com/show_bug.cgi?id=2094270
bugzilla.redhat.com/show_bug.cgi?id=2095608
bugzilla.redhat.com/show_bug.cgi?id=2096143
bugzilla.redhat.com/show_bug.cgi?id=2099541
bugzilla.redhat.com/show_bug.cgi?id=2099934
bugzilla.redhat.com/show_bug.cgi?id=2100106
bugzilla.redhat.com/show_bug.cgi?id=2107466
bugzilla.redhat.com/show_bug.cgi?id=2111994
bugzilla.redhat.com/show_bug.cgi?id=2112303
bugzilla.redhat.com/show_bug.cgi?id=2114060
bugzilla.redhat.com/show_bug.cgi?id=2116876
bugzilla.redhat.com/show_bug.cgi?id=2120275
errata.rockylinux.org/RLSA-2022:7967