
67 matches found

SUSE Linux
added 2025/02/03 8:53 a.m. | 3 views

Security update for qemu

This update for qemu fixes the following issues: Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...

CVSS 8.2 | AI score 7.1 | EPSS 0.01848
Exploits: 0 | References: 10
Tenable Nessus
added 2024/09/19 12:0 a.m. | 33 views

Oracle Linux 9 : qemu-kvm (ELSA-2024-12674)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12674 advisory. - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs Philippe Mathieu-Daude Orabug: 36869694 CVE-2024-3446 - hw/char/virtio-serial-bus: Protec...

CVSS 8.2 | AI score 6.5 | EPSS 0.00162
Exploits: 0 | References: 5
OSV
added 2024/08/20 8:31 p.m. | 10 views

GO-2023-1803 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file in github.com/lima-vm/lima

In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file in github.com/lima-vm/lima...

CVSS 2.7 | AI score 3.3 | EPSS 0.00089
Exploits: 0 | References: 4
UbuntuCve
added 2024/07/23 3:0 p.m. | 21 views

CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

CVSS 6.5 | AI score 6.1 | EPSS 0.00835
Exploits: 1 | References: 2
Veracode
added 2024/07/10 9:45 a.m. | 16 views

Arbitrary File Access

OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...

CVSS 6.5 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 14 | Affected Software: 3
Tenable Nessus
added 2024/07/10 12:0 a.m. | 19 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (RHSA-2024:4425)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4425 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. OpenStack Image Service code-named Glance provides...

CVSS 6.5 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 5
Ubuntu
added 2024/07/08 11:59 a.m. | 34 views

USN-6884-1: Nova vulnerability

Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0
Ubuntu
added 2024/07/08 11:55 a.m. | 31 views

USN-6883-1: OpenStack Glance vulnerability

Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0
Ubuntu
added 2024/07/08 11:49 a.m. | 29 views

USN-6882-1: Cinder vulnerability

Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0
Tenable Nessus
added 2024/07/08 12:0 a.m. | 27 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : OpenStack Glance vulnerability (USN-6883-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6883-1 advisory. Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00214
Exploits: 0 | References: 2
OSV
added 2024/07/05 3:30 a.m. | 34 views

GHSA-R4V4-W9PV-6FPH OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 15
GitHub Security Blog
added 2024/07/05 3:30 a.m. | 21 views

OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00214
Exploits: 0 | References: 16 | Affected Software: 3
NVD
added 2024/07/05 2:15 a.m. | 37 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6
OSV
added 2024/07/05 2:15 a.m. | 18 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 6.5 | AI score 6.2
Exploits: 0 | References: 6
CVE
added 2024/07/05 12:0 a.m. | 101 views

CVE-2024-32498

CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 6 | Affected Software: 3
Debian CVE
added 2024/07/05 12:0 a.m. | 17 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 6.5 | AI score 6.4 | EPSS 0.00214
Exploits: 0
Cvelist
added 2024/07/05 12:0 a.m. | 45 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

EPSS 0.00214
Exploits: 0 | References: 4
Vulnrichment
added 2024/07/05 12:0 a.m. | 26 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 4
UbuntuCve
added 2024/07/02 3:0 p.m. | 30 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 6.5 | AI score 6.8 | EPSS 0.00214
Exploits: 0 | References: 7
OSV
added 2023/05/31 11:38 p.m. | 10 views

GHSA-F7QW-JJ9C-RPQ9 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file

Note: The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact: A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...

CVSS 2.7 | AI score 3.2 | EPSS 0.00089
Exploits: 0 | References: 5