41 matches found
EUVD-2022-30912
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region,...
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748 which forgot to unmap the cached virtqueue elements on error leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
...
K63714476: Linux kernel vulnerabilities CVE-2022-26353 and CVE-2021-3748
Security Advisory Description CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEM...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-2533)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
istio security update
istio 1.13.7-1 - Added Oracle specific files for 1.13.7-1 olcne 1.4.7-1 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 1.4.6-2 - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printin...
QEMU: virtio-net: map leaking on error during receive
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit...
Oracle Linux 8 : olcne (ELSA-2022-9494)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9494 advisory. 1.4.5-1 - Address qemu CVE-2022-26353, CVE-2021-3748 Tenable has extracted the preceding description block directly from the Oracle Linux security...
olcne security update
1.5.3-1 - Address qemu CVE-2022-26353, CVE-2021-3748...
Oracle Linux 8 : olcne (ELSA-2022-9493)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9493 advisory. 1.5.3-1 - Address qemu CVE-2022-26353, CVE-2021-3748 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 7 : olcne (ELSA-2022-9492)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9492 advisory. 1.4.5-1 - Address qemu CVE-2022-26353, CVE-2021-3748 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2021-3748 affecting package qemu for versions less than 6.2.0-2
CVE-2021-3748 affecting package qemu for versions less than 6.2.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2021-3748 affecting package qemu-kvm 4.2.0-38
CVE-2021-3748 affecting package qemu-kvm 4.2.0-38. A patched version of the package is available...
qemu security update
15:4.2.1-17.el7 - arm/acpi: fix an out of spec UID for PCI root Michael S. Tsirkin - arm/acpi: fix duplicated UID of PCI interrupt link devices Heyi Guo - arm/acpi: fix PCI PRT definition Heyi Guo - docs: fix references to docs/devel/atomics.rst Stefano Garzarella Orabug: 33659123 - rcu: do not...
ALSA-2022:1759 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-1601)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2970-1] qemu security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2970-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 04, 2022 https://wiki.debian.org/LTS -...
CVE-2021-3748
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...