35 matches found
virt:ol and virt-devel:ol security update
qemu-kvm 4.2.0-59.el85.2 - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch bz2048627 - Resolves: bz2048627 CVE-2022-0358 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 rhel-8.5.0.z...
MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2022-3122:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3122:01 advisory. QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 CVE-2022-0358 Tenable has extracted the preceding description block directly from the...
Alibaba Cloud Linux 3 : 0022: virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0022)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0022 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-0358: RESERVED This candidate has been...
Linux Distros Unpatched Vulnerability : CVE-2022-0358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user c...
Azure Linux 3.0 Security Update: qemu / qemu-kvm (CVE-2022-0358)
The version of qemu / qemu-kvm installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0358 advisory. - A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw...
Fedora 36 : qemu (2022-d73cfd3a36)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d73cfd3a36 advisory. Automatic update for qemu-6.2.0-4.fc36.1. Changelog Wed Feb 9 2022 Eduardo Lima Etrunko - 2:6.2.0-4 - virtiofsd: Drop membership of all supplementar...
CBL Mariner 2.0 Security Update: qemu / qemu-kvm (CVE-2022-0358)
The version of qemu / qemu-kvm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0358 advisory. - A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw...
CVE-2022-0358 affecting package qemu for versions less than 6.2.0-18
CVE-2022-0358 affecting package qemu for versions less than 6.2.0-18. A patched version of the package is available...
CentOS 9 : qemu-kvm-6.2.0-7.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the qemu-kvm-6.2.0-7.el9 build changelog. - The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group...
CVE-2022-0358 affecting package qemu-kvm 4.2.0-41
CVE-2022-0358 affecting package qemu-kvm 4.2.0-41. A patched version of the package is available...
Amazon Linux 2022 : qemu, qemu-audio-alsa, qemu-audio-oss (ALAS2022-2022-050)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-050 advisory. A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution...
CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
AZL-10763 CVE-2022-0358 affecting package qemu for versions less than 6.2.0-5
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
CVE-2022-0358
CVE-2022-0358 pertains to the QEMU virtio-fs daemon (virtiofsd) and describes a local-privilege issue tied to an existing CVE-2018-13405 scenario. A local guest user can create files in directories shared by virtio-fs that are SGID-writable and belong to a specific group, causing files to acquire...
CVE-2022-0358 affecting package qemu for versions less than 6.2.0-5
CVE-2022-0358 affecting package qemu for versions less than 6.2.0-5. A patched version of the package is available...
OESA-2022-1772 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in ...
Ubuntu: Security Advisory (USN-5489-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5133-1 : qemu - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5133 advisory. Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code. For the...
[SECURITY] [DSA 5133-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5133-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2022 https://www.debian.org/security/faq -...
openSUSE: Security Advisory for qemu (openSUSE-SU-2022:0930-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...