The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3759 advisory.

  - A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not     prohibit opening special files on the host side, potentially allowing a malicious client to escape from     the exported 9p tree by creating and opening a device file in the shared folder. (CVE-2023-2861)

  - A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks     whether the current number of connections crosses a certain threshold and if so, cleans up the previous     connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the     connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated     client to cause a denial of service. (CVE-2023-3354)

  - A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be     targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for     example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor     to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
    (CVE-2023-5088)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3759 : qemu - security update

high Nessus Plugin ID 191790

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jun 7, 2024, 9:18 AM IAVM reference Plugin Feed: 202406070918
Version 1.2 Mar 15, 2024, 3:57 PM IAVM reference Plugin Feed: 202403151557
Version 1.1 Mar 15, 2024, 11:10 AM IAVM reference Plugin Feed: 202403151110
Version 1.0 Mar 11, 2024, 10:29 PM New Plugin Feed: 202403112229