Detections
Analytics
Alibaba Cloud Linux 3 : 0168: virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0168)
high Nessus Plugin ID 236413
Synopsis
The remote Alibaba Cloud Linux host is missing one or more security updates.Description
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0168 advisory.Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:
CVE-2021-4206:
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CVE-2021-4207:
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CVE-2022-26353:
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-20196:
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device.
This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-33285:
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the bytes_in_use field should be less than the bytes_allocated field. When it is not, the parsing of the records proceeds into the wild.
CVE-2021-33286:
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVE-2021-33287:
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
CVE-2021-33289:
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVE-2021-35266:
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
CVE-2021-35267:
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
CVE-2021-35268:
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVE-2021-35269:
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVE-2021-3622:
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
CVE-2021-3716:
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVE-2021-3748:
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
CVE-2021-39251:
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
CVE-2021-39252:
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
CVE-2021-39253:
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
CVE-2021-39254:
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
CVE-2021-39255:
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.
CVE-2021-39256:
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
CVE-2021-39257:
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
CVE-2021-39258:
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
CVE-2021-39259:
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
CVE-2021-39260:
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
CVE-2021-39261:
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39262:
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-39263:
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
CVE-2021-3975:
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2021-4145:
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0.
The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
CVE-2021-4158:
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2022-0485:
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
CVE-2022-26354:
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Affected QEMU versions <= 6.2.0.
Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20220168.xml
Plugin Details
Severity: High
ID: 236413
File Name: alinux3_sa_2022-0168.nasl
Version: 1.1
Type: local
Published: 5/14/2025
Updated: 5/14/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 6
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2021-39263
CVSS v3
Risk Factor: High
Base Score: 8.2
Temporal Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2021-4207
Vulnerability Information
CPE: p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-wireshark-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-img, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:seabios-bin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libtpms-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-tools-c, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-iscsi-direct-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-java-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:lua-guestfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-xfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:supermin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-img-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-basic-filters, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-libnbd-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-libguestfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-linuxdisk-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-hivex-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-gobject-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libnbd-bash-completion, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-sys-virt-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:supermin-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-tar-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-xz-filter, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:hivex-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-libs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-iscsi-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-nss-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-python-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdfuse-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-ui-spice, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-rbd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-ui-spice-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libtpms-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-v2v, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-basic-plugins, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-gzip-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-gobject-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-server-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:supermin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-v2v-man-pages-uk, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-gfs2, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-libvirt, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-qemu-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-core-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-rbd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-sys-virt, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-guest-agent, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-curl, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-scsi-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-tar-filter, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-libnbd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-guest-agent-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-tools-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-rescue, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-libguestfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-client, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-appliance, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-nodedev-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-bash-completion, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-secret-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-nwfilter-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-docs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-example-plugins-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-libguestfs-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-tools, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-winsupport, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-ssh-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-hivex, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-sys-guestfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-vddk-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-core-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-ui-opengl, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-scsi, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ruby-hivex-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-hw-usbredir-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libtpms-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-core, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-server, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-ssh, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-rsync, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-logical-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:supermin-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-v2v-bash-completion, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-hivex, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-tools-c-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-config-nwfilter, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-gzip-filter-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-iscsi-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-ssh-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-ui-opengl-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-kvm, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-java, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-tmpdisk-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-basic-plugins-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-v2v-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-inspect-icons, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-linuxdisk-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-secret, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-qemu, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-tar-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-nbd-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-libnbd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-xz-filter-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-man-pages-uk, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-curl-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-tools, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-network, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-nss, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-docs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-dib, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-disk, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ruby-libguestfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:hivex, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-java-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-core, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-gluster-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-tools-pkcs11, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-client-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-dib-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-ssh-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libnbd-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-javadoc, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-hivex-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-libguestfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-rbd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-interface, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-gzip-filter, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libnbd-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:sgabios-bin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:seabios, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-sys-virt-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-python-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-tar-filter-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-config-network, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-man-pages-ja, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-libs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-hivex, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-gzip-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libnbd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-libvirt-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-hivex-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:swtpm-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:lua-guestfs, cpe:/o:alibabacloud:alibaba_cloud_linux_3, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-curl-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-nbd-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-gluster, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-common-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-logical, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-lock-sanlock-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-iscsi-direct, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-rbd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:seavgabios-bin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-vddk-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-sys-guestfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-nodedev, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-v2v-man-pages-ja, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libtpms, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-network-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-hw-usbredir, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-disk-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-example-plugins, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-lock-sanlock, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:virt-v2v-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-libguestfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-gobject, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-interface-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-gluster-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ruby-hivex, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libguestfs-bash-completion, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-nwfilter, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perl-hivex-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-libnbd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ruby-libguestfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-curl-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-mpath-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:hivex-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:hivex-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-tests, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-python-plugin-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libnbd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-mpath, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdfuse, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-basic-filters-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-common, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-daemon-driver-storage-gluster, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:qemu-kvm-block-iscsi, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ocaml-libnbd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libvirt-wireshark, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:nbdkit-tmpdisk-plugin, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:sgabios
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Alibaba/release, Host/Alibaba/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/11/2022
Vulnerability Publication Date: 5/26/2021
Reference Information
CVE: CVE-2021-20196, CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-3622, CVE-2021-3716, CVE-2021-3748, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263, CVE-2021-3975, CVE-2021-4145, CVE-2021-4158, CVE-2021-4206, CVE-2021-4207, CVE-2022-0485, CVE-2022-26353, CVE-2022-26354