Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI
I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req'
from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the
host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
(CVE-2021-3392)
- The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to
the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This
flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of
service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. (CVE-2021-3409)
- A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions
up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get
bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the
host resulting in DoS scenario. (CVE-2021-3416)
- A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This
flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges
on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as
system availability. (CVE-2021-20181)
- A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator
of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw
allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a
denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-20255)
Plugin Details
Supported Sensors: Agentless Assessment
Risk Information
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 12/3/2020