MiracleLinux 9 : qemu-kvm-8.2.0-11.el9 (AXSA:2024-7897:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7897:02 advisory. QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019 QEMU: VNC: infinite loop in inflatebuffer leads to denial of service...

CVE-2023-5088 Qemu: improper ide controller reset can lead to mbr overwrite

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...