QEMU < 7.2.4 / < 8.0.3 Multiple Vulnerabilites

medium Nessus Plugin ID 179667

Synopsis

The remote host has virtualization software installed that is affected by multiple vulnerabilities.

Description

The version of QEMU installed on the remote Windows host is affected by multiple vulnerabilities, as follows:

- A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. (CVE-2023-3019)

- A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. (CVE-2023-1544)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to QEMU 7.2.4, 8.0.3 or later.

See Also

https://www.qemu.org/download/#source

http://www.nessus.org/u?b525f632

http://www.nessus.org/u?93f5c304

Plugin Details

Severity: Medium

ID: 179667

File Name: qemu_win_8_0_3.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 8/10/2023

Updated: 9/28/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-1544

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2023-3019

Vulnerability Information

CPE: cpe:/a:qemu:qemu

Required KB Items: installed_sw/QEMU

Exploit Ease: No known exploits are available

Patch Publication Date: 7/24/2023

Vulnerability Publication Date: 7/24/2023

Reference Information

CVE: CVE-2023-1544, CVE-2023-3019

IAVB: 2023-B-0058-S