14 lines
1.3 KiB
JSON
14 lines
1.3 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1716",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1716",
|
|
"title": "An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Medium",
|
|
"description": "QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.(CVE-2021-3507)\r\n\r\nA stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.(CVE-2021-3611)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2021-3611",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3611",
|
|
"severity": "Medium"
|
|
}
|
|
]
|
|
} |