Msrc Azl3 Qemu 6.2.0-18 On Azure Linux 3.0 vulnerabilities

CVE-2023-2861 [MEDIUM] CWE-284 Qemu: 9pfs: improper access control on special files Qemu: 9pfs: improper access control on special files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the di

CVE-2023-3301 [MEDIUM] CWE-362 Triggerable assertion due to race condition in hot-unplug Triggerable assertion due to race condition in hot-unplug FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with wh

CVE-2023-42467 [MEDIUM] CWE-369 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU a QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. FAQ: Is Azure Linux the only Microsoft p

CVE-2023-3255 [MEDIUM] CWE-835 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2022-36648 [CRITICAL] CWE-476 The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the hos The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has

CVE-2023-3180 [MEDIUM] CWE-787 Heap buffer overflow in virtio_crypto_sym_op_helper() Heap buffer overflow in virtio_crypto_sym_op_helper() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-3354 [HIGH] CWE-476 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with t

CVE-2023-1544 [MEDIUM] CWE-770 Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2022-3872 [HIGH] CWE-193 An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_ An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_count == block_size. A malicious guest could use this flaw to crash th

CVE-2022-4144 [MEDIUM] CWE-125 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potenti An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potentially reading past the end of the bar space into adjacent pages. A ma

CVE-2022-3165 [MEDIUM] CWE-191 An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message resulting in a denial of service

CVE-2022-2962 [HIGH] CWE-662 A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame it doesn't check whether the destination address is A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handl

CVE-2022-0358 [HIGH] CWE-273 A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sha A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a

CVE-2021-3929 [HIGH] CWE-416 A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvm A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvme_ctrl_reset() data structs will be freed leading to a use-after-free

CVE-2021-4158 [MEDIUM] CWE-476 A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a denial of ser A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. FAQ: Is Azure Linux the only Microsoft product that

CVE-2022-35414 [HIGH] CWE-908 softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization U softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting t

CVE-2021-3750 [HIGH] CWE-416 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted conte A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirabl

CVE-2021-3611 [MEDIUM] CWE-119 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system a

CVE-2021-4206 [HIGH] CWE-190 A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user t

CVE-2021-4207 [HIGH] CWE-362 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A maliciou