Errata ALT-PU-2024-6744-1: Information

Package name: qemu
Version: 8.2.2-alt1
Bulletin updated: April 16, 2024

Fixes

Published: Feb. 14, 2024

BDU:2024-01711

Уязвимость функция register_vfs() (hw/pci/pcie_sriov.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 14, 2024

BDU:2024-01712

Уязвимость функция register_vfs() (hw/pci/pcie_sriov.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 19, 2024
Modified: April 19, 2024

CVE-2024-26327

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
Links:
Published: Feb. 19, 2024
Modified: April 19, 2024

CVE-2024-26328

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.
Links:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top