Lucene search

K
redhatRedHatRHSA-2024:2962
HistoryMay 22, 2024 - 6:35 a.m.

(RHSA-2024:2962) Moderate: virt:rhel and virt-devel:rhel security and enhancement update

2024-05-2206:35:12
access.redhat.com
12
kvm
rhel
virtualization
security
update
cve
qemu
vnc

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.002

Percentile

52.4%

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service (CVE-2023-3255)

  • QEMU: improper IDE controller reset can lead to MBR overwrite (CVE-2023-5088)

  • QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() (CVE-2023-6683)

  • QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx() (CVE-2023-6693)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64qemu-kvm-block-rbd< 6.2.0-49.module+el8.10.0+21533+3df3c4b6qemu-kvm-block-rbd-6.2.0-49.module+el8.10.0+21533+3df3c4b6.x86_64.rpm
RedHatanyppc64lelibguestfs< 1.44.0-9.module+el8.9.0+18724+20190c23libguestfs-1.44.0-9.module+el8.9.0+18724+20190c23.ppc64le.rpm
RedHatanyx86_64libguestfs-tools-c< 1.44.0-9.module+el8.9.0+18724+20190c23libguestfs-tools-c-1.44.0-9.module+el8.9.0+18724+20190c23.x86_64.rpm
RedHatanyx86_64hivex-devel< 1.3.18-23.module+el8.9.0+18724+20190c23hivex-devel-1.3.18-23.module+el8.9.0+18724+20190c23.x86_64.rpm
RedHatanyppc64lelibvirt-daemon-driver-storage-rbd-debuginfo< 8.0.0-23.module+el8.10.0+21023+5962ee04libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-23.module+el8.10.0+21023+5962ee04.ppc64le.rpm
RedHatanys390xnbdkit-python-plugin-debuginfo< 1.24.0-5.module+el8.9.0+18724+20190c23nbdkit-python-plugin-debuginfo-1.24.0-5.module+el8.9.0+18724+20190c23.s390x.rpm
RedHatanyx86_64libnbd< 1.6.0-5.module+el8.9.0+18724+20190c23libnbd-1.6.0-5.module+el8.9.0+18724+20190c23.x86_64.rpm
RedHatanyaarch64libvirt-daemon-driver-network-debuginfo< 8.0.0-23.module+el8.10.0+21023+5962ee04libvirt-daemon-driver-network-debuginfo-8.0.0-23.module+el8.10.0+21023+5962ee04.aarch64.rpm
RedHatanyx86_64swtpm-debuginfo< 0.7.0-4.20211109gitb79fd91.module+el8.9.0+18724+20190c23swtpm-debuginfo-0.7.0-4.20211109gitb79fd91.module+el8.9.0+18724+20190c23.x86_64.rpm
RedHatanyaarch64libvirt-debuginfo< 8.0.0-23.module+el8.10.0+21023+5962ee04libvirt-debuginfo-8.0.0-23.module+el8.10.0+21023+5962ee04.aarch64.rpm
Rows per page:
1-10 of 9151

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.002

Percentile

52.4%