QEMU 7.2.x < 7.2.15, 8.0.x < 8.0.6, 8.1.x < 8.1.6, 8.2.x < 8.2.8, 9.0.x < 9.0.4, 9.1.x < 9.1.1 Information Leak

low Nessus Plugin ID 207835

Synopsis

The remote host has virtualization software installed that is affected by an information leak.

Description

The version of QEMU installed on the remote Windows host is prior to 8.2.1 and therefore vulnerable to the following:
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size passed to virtqueue_push() by virtio_scsi_complete_req / virtio_blk_req_complete / virtio_crypto_req_complete could be larger than the true size of the data that has been sent to the guest. When virtqueue_push() finally calls dma_memory_unmap to unmap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to QEMU 7.2.15, 8.0.6, 8.1.6, 8.2.8, 9.0.4, 9.1.1 or later.
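The fixed-version list above, applied to a self-reported version banner, which is the same kind of evidence this plugin relies on. This is an added example, not the plugin's code or anything from the QEMU project; the function names and sample banners are constructed, and treating micro versions of 50 and above as development or release-candidate builds is an assumption based on QEMU's usual numbering.

```python
import re

# Fixed release per stable branch, taken from the Solution text above.
FIXED = {(7, 2): 15, (8, 0): 6, (8, 1): 6, (8, 2): 8, (9, 0): 4, (9, 1): 1}

_VERSION_RE = re.compile(r"\bversion\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Extract (major, minor, micro) from `qemu-system-* --version` output."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no QEMU version found in {banner!r}")
    return tuple(int(part) for part in m.groups())


def classify(banner):
    """Return 'affected', 'fixed' or 'unlisted' for a version banner.

    'unlisted' means the page gives no verdict: either the branch is not
    in the table, or the micro version is >= 50 (assumed to be a
    development or release-candidate build, which a plain numeric
    comparison would wrongly report as fixed).
    """
    major, minor, micro = parse_version(banner)
    fixed_micro = FIXED.get((major, minor))
    if fixed_micro is None or micro >= 50:
        return "unlisted"
    return "affected" if micro < fixed_micro else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in (
        "QEMU emulator version 7.2.14",
        "QEMU emulator version 8.2.8",
        "QEMU emulator version 9.1.0",
        "QEMU emulator version 9.0.50",
        "QEMU emulator version 9.2.0",
    ):
        print(f"{banner}: {classify(banner)}")
```

A result of `unlisted` calls for manual review; like the plugin, this check reads only the reported version and cannot see backported fixes.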

See Also

https://www.qemu.org/download/#source

http://www.nessus.org/u?4dddf459

Plugin Details

Severity: Low

ID: 207835

File Name: qemu_win_9_1_0.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 9/27/2024

Updated: 9/30/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.2

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2024-8612

CVSS v3

Risk Factor: Low

Base Score: 3.8

Temporal Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:qemu:qemu

Required KB Items: installed_sw/QEMU

Exploit Ease: No known exploits are available

Patch Publication Date: 9/19/2024

Vulnerability Publication Date: 9/19/2024

Reference Information

CVE: CVE-2024-8612

IAVA: 2024-B-0141