20 matches found
Alibaba Cloud Linux 3 : 0021: virt:rhel and virt-devel:rhel (ALINUX3-SA-2024:0021)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3750: A DMA reentrancy issue was...
CBL Mariner 2.0 Security Update: qemu (CVE-2023-3301)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3301 advisory. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend i...
Azure Linux 3.0 Security Update: qemu (CVE-2023-3301)
The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3301 advisory. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend i...
CVE-2023-3301 affecting package qemu for versions less than 6.2.0-23
CVE-2023-3301 affecting package qemu for versions less than 6.2.0-23. A patched version of the package is available...
Advisory ROSA-SA-2025-2814
Software: qemu-kvm 6.2.0 OS: ROSA Virtualization 3.0 packageevrstring: qemu-kvm-6.2.0-53.rv30.2 CVE-ID: CVE-2021-3750 BDU-ID: 2024-04421 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the QEMU hardware emulator is related to a lack of checks to see if the buffer pointer overlaps with the MMIO...
Linux Distros Unpatched Vulnerability : CVE-2023-3301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has...
Advisory ROSA-SA-2025-2641
Software: qemu 7.2.7 OS: ROSA-CHROME packageevrstring: qemu-7.2.7-1 CVE-ID: CVE-2023-3301 BDU-ID: 2024-04418 CVE-Crit: LOW CVE-DESC.: A vulnerability in the virtio-net interface of the QEMU hardware emulator is related to the asynchronous nature of the shutdown allowing a race scenario...
Ubuntu: Security Advisory (USN-6567-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6567-2: QEMU regression
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the...
CVE-2023-3301 affecting package qemu for versions less than 8.2.0-1
CVE-2023-3301 affecting package qemu for versions less than 8.2.0-1. An upgraded version of the package is available that resolves this issue...
EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2023-3371)
According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the...
Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Oracle Linux 8 : kvm_utils3 (ELSA-2023-12855)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12855 advisory. - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in...
qemu security update
15:4.2.1-28.el7 - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller CVE-2023-0330 Thomas Huth Orabug: 35724112 CVE-2023-0330 - kvm: Atomic memslot updates David Hildenbrand Orabug...
Oracle Linux 7 : qemu (ELSA-2023-12835)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12835 advisory. - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in...
BELL-CVE-2023-3301
Bulletin has no description...
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
CVE-2023-3301 Triggerable assertion due to race condition in hot-unplug
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
CVE-2023-3301
CVE-2023-3301 describes a race condition in QEMU’s hot-unplug of virtio-net NICs where the net device backend can be cleared before the PCI frontend is unplugged, enabling a malicious guest to trigger an assertion and cause a denial of service. Public documents confirm a vulnerability in QEMU wit...
SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2023:3234-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3234-1 advisory. - CVE-2023-2861: Fixed improper access control on special files in 9pfs bsc1212968. -...