Amazon Linux 2 : qemu (ALAS-2023-2336)

high Nessus Plugin ID 185791

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2336 advisory.

- A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
(CVE-2023-5088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update qemu' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALAS-2023-2336.html

https://alas.aws.amazon.com/cve/html/CVE-2023-5088.html

https://alas.aws.amazon.com/faqs.html

Plugin Details

Severity: High

ID: 185791

File Name: al2_ALAS-2023-2336.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/15/2023

Updated: 6/7/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-5088

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:qemu-block-ssh, p-cpe:/a:amazon:linux:qemu-audio-oss, p-cpe:/a:amazon:linux:qemu-block-nfs, p-cpe:/a:amazon:linux:qemu-system-aarch64-core, p-cpe:/a:amazon:linux:qemu-ui-sdl, p-cpe:/a:amazon:linux:qemu-guest-agent, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:qemu-debuginfo, p-cpe:/a:amazon:linux:qemu-user, p-cpe:/a:amazon:linux:qemu-ui-gtk, p-cpe:/a:amazon:linux:qemu-user-binfmt, p-cpe:/a:amazon:linux:qemu-system-aarch64, p-cpe:/a:amazon:linux:qemu-block-dmg, p-cpe:/a:amazon:linux:qemu-block-iscsi, p-cpe:/a:amazon:linux:qemu-audio-sdl, p-cpe:/a:amazon:linux:qemu-block-rbd, p-cpe:/a:amazon:linux:qemu-system-x86, p-cpe:/a:amazon:linux:qemu-block-curl, p-cpe:/a:amazon:linux:qemu-common, p-cpe:/a:amazon:linux:qemu-ui-curses, p-cpe:/a:amazon:linux:qemu-kvm-core, p-cpe:/a:amazon:linux:qemu-audio-alsa, p-cpe:/a:amazon:linux:qemu-system-x86-core, p-cpe:/a:amazon:linux:qemu, p-cpe:/a:amazon:linux:qemu-kvm, p-cpe:/a:amazon:linux:qemu-audio-pa, p-cpe:/a:amazon:linux:qemu-user-static, p-cpe:/a:amazon:linux:qemu-img, p-cpe:/a:amazon:linux:ivshmem-tools

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2023

Vulnerability Publication Date: 11/3/2023

Reference Information

CVE: CVE-2023-5088

IAVB: 2024-B-0022-S