MiracleLinux 9 : qemu-kvm-9.0.0-10.el9 (AXSA:2024-9100:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9100:07 advisory. QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow CVE-2024-26327 QEMU: virtio: DMA reentrancy issue leads to double free...

qemu-kvm: pcie: improper validation of NumVFs leads to buffer overflow

A flaw was found in the SR/IOV emulation support of QEMU. The registervfs function in hw/pci/pciesriov.c mishandled the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF Virtual Function implementations. This flaw allows a malicious guest to crash QEM...