Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:RLSA-2022:7967
HistoryNov 15, 2022 - 6:12 a.m.

Moderate: qemu-kvm security, bug fix, and enhancement update

2022-11-1506:12:15
Google
osv.dev
5
kvm linux security dma

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

47.6%

JSON

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757)

Security Fix(es):

  • QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)

  • QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)

  • QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)

  • QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

References

Related

redhat 6
oraclelinux 8
almalinux 3
nessus 62
rocky 2
osv 11
openvas 36
alpinelinux 4
redhatcve 6
veracode 4
cvelist 6
cnvd 2
cbl_mariner 9
prion 6
cve 6
ubuntucve 6
nvd 6
debiancve 6
redos 2
suse 4
ubuntu 2
altlinux 1
gentoo 1
redhat
redhat
(RHSA-2022:7967) Moderate: qemu-kvm security, bug fix, and enhancement update
2022-11-15 06:12:15
(RHSA-2023:6980) Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2023-11-14 08:42:05
(RHSA-2023:6368) Moderate: qemu-kvm security, bug fix, and enhancement update
2023-11-07 06:03:14
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2022-11-22 00:00:00
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
2023-11-18 00:00:00
qemu security update
2022-08-01 00:00:00
almalinux
almalinux
Moderate: qemu-kvm security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2023-11-14 00:00:00
Moderate: qemu-kvm security, bug fix, and enhancement update
2023-11-07 00:00:00
nessus
nessus
AlmaLinux 9 : qemu-kvm (ALSA-2022:7967)
2022-11-19 00:00:00
RHEL 9 : qemu-kvm (RHSA-2022:7967)
2022-11-15 00:00:00
Oracle Linux 9 : qemu-kvm (ELSA-2022-7967)
2022-11-22 00:00:00
rocky
rocky
qemu-kvm security, bug fix, and enhancement update
2022-11-15 06:12:15
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2022-11-08 06:20:26
osv
osv
Moderate: qemu-kvm security, bug fix, and enhancement update
2022-11-15 00:00:00
CVE-2021-3750
2022-05-02 19:15:08
CVE-2021-3507
2021-05-06 16:15:07
openvas
openvas
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-1242)
2023-01-12 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-1212)
2023-01-12 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-2100)
2022-07-14 00:00:00
alpinelinux
alpinelinux
CVE-2021-3507
2021-05-06 16:15:07
CVE-2021-3750
2022-05-02 19:15:00
CVE-2021-4158
2022-08-24 16:15:09
redhatcve
redhatcve
CVE-2021-4158
2021-12-23 21:11:25
CVE-2021-3507
2021-04-19 19:26:29
CVE-2021-3750
2022-05-18 22:39:59
veracode
veracode
Use-After-Free
2022-07-09 23:07:28
Denial Of Service (DoS)
2021-12-16 21:31:55
NULL Pointer Dereference
2022-01-22 21:42:21
cvelist
cvelist
CVE-2021-3750
2022-05-02 18:48:12
CVE-2021-3507
2021-05-06 15:16:14
CVE-2021-4158
2022-08-24 15:10:39
cnvd
cnvd
QEMU Resource Management Error Vulnerability (CNVD-2022-84160)
2022-05-07 00:00:00
QEMU Denial of Service Vulnerability (CNVD-2022-84162)
2022-03-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3750 affecting package qemu for versions less than 6.2.0-18
2024-03-19 17:21:46
CVE-2021-3507 affecting package qemu-kvm 4.2.0-48
2024-07-26 21:09:32
CVE-2021-3750 affecting package qemu-kvm 4.2.0-39
2022-07-14 21:00:03
prion
prion
Design/Logic Flaw
2022-05-02 19:15:00
Heap overflow
2021-05-06 16:15:00
Null pointer dereference
2022-08-24 16:15:00
cve
cve
CVE-2021-3507
2021-05-06 16:15:07
CVE-2021-3750
2022-05-02 19:15:08
CVE-2021-4158
2022-08-24 16:15:09
ubuntucve
ubuntucve
CVE-2021-3507
2021-05-06 00:00:00
CVE-2021-3750
2022-05-02 00:00:00
CVE-2021-4158
2021-12-24 00:00:00
nvd
nvd
CVE-2021-3750
2022-05-02 19:15:08
CVE-2021-3507
2021-05-06 16:15:07
CVE-2021-4158
2022-08-24 16:15:09
debiancve
debiancve
CVE-2021-3750
2022-05-02 19:15:08
CVE-2021-3507
2021-05-06 16:15:07
CVE-2021-4158
2022-08-24 16:15:09
redos
redos
ROS-20240606-01
2024-06-06 00:00:00
ROS-20240611-14
2024-06-11 00:00:00
suse
suse
Security update for qemu (important)
2021-07-21 00:00:00
Security update for qemu (important)
2022-10-26 00:00:00
Security update for qemu (important)
2021-07-27 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2022-12-12 00:00:00
QEMU vulnerabilities
2022-06-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package qemu version 6.1.1-alt1
2022-03-01 00:00:00
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2022-08-14 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

47.6%

JSON
Related for OSV:RLSA-2022:7967
redhat6oraclelinux8almalinux3nessus62rocky2osv11openvas36alpinelinux4redhatcve6veracode4cvelist6cnvd2cbl_mariner9prion6cve6ubuntucve6nvd6debiancve6redos2suse4ubuntu2altlinux1gentoo1