Oracle Linux 8 : virt:kvm_utils2 (ELSA-2024-12605)

high Nessus Plugin ID 206427

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12605 advisory.

- Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254 resolves: rhbz#2004490
- Fix for CVE-2019-9755 (heap-based buffer overflow leads to local root privilege escalation) resolves: rhbz#1698503
- Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718
- Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842).
- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets Resolves: rhbz#1999307
- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM Fixes: rhbz#1976816
- rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821476] {CVE-2024-4418}
- Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364471] {CVE-2024-1441}
- virpci: Resolve leak in virPCIVirtualFunctionList cleanup (Tim Shearer) [Orabug: 35395469] {CVE-2023-2700}
- qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485}
- qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- storage: Fix daemon crash on lookup storagepool by targetpath (Yi Li) [Orabug: 31439483] {CVE-2020-10703}
- qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430}
- qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485}
- Fix CVE-2021-3716 NBD_OPT_STRUCTURED_REPLY injection on STARTTLS resolves: rhbz#1994915
- Document CVEs (Mark Kanda) {CVE-2023-4135} {CVE-2023-40360} {CVE-2024-26328} {CVE-2023-42467} {CVE-2024-26327} {CVE-2024-3567}
- hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (Philippe Mathieu-Daude) [Orabug:
36858718] {CVE-2024-3447}
- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446}
- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446}
- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446}
- hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446}
- ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36858698] {CVE-2023-6683}
- ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36858698] {CVE-2023-6683}
- virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36858734] {CVE-2023-6693}
- esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36858704] {CVE-2024-24474}
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug:
36858692] {CVE-2023-5088}
- hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 36858692] {CVE-2023-5088}
- net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 36858836] {CVE-2023-3019}
- net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 36858836] {CVE-2023-3019}
- lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 36858811] {CVE-2021-3750}
- memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750}
- qga/win32: Use rundll for VSS installation (Konstantin Kostiuk) [Orabug: 36858681] {CVE-2023-0664}
- qga/win32: Remove change action from MSI installer (Konstantin Kostiuk) [Orabug: 36858681] {CVE-2023-0664}
- hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638) (Philippe Mathieu-Daude) [Orabug:
36858674] {CVE-2021-3638}
- CVE-2023-4135 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35752193] {CVE-2023-4135}
- virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35752194] {CVE-2023-3180}
- ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella) [Orabug:
35752186] {CVE-2023-3255}
- io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrange) [Orabug: 35752182] {CVE-2023-3354}
- 9pfs: prevent opening special files (CVE-2023-2861) (Christian Schoenebeck) [Orabug: 35752178] {CVE-2023-2861}
- hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug:
35752171] {CVE-2023-0330}
- vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug:
35662843] {CVE-2023-3301}
- CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35305727] {CVE-2023-1544}
- hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35064352] {CVE-2022-1050}
- hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daude) [Orabug:
35060182] {CVE-2022-4144}
- ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext (Mauro Matteo Cascella) [Orabug:
35060115] {CVE-2022-3165}
- hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779541] {CVE-2022-4172}
- display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug:
34591445] {CVE-2021-4207}
- ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug:
34591281] {CVE-2021-4206}
- scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216}
- scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug:
34590706] {CVE-2022-0216}
- tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216}
- hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug:
34590706] {CVE-2022-0216}
- virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 34538375] {CVE-2022-26353}
- vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941752] {CVE-2022-26354}
- block/mirror: fix NULL pointer dereference in mirror_wait_on_conflicts() (Stefano Garzarella) [Orabug:
33916572] {CVE-2021-4145}
- hw/nvme: fix CVE-2021-3929 (Klaus Jensen) [Orabug: 33866395] {CVE-2021-3929}
- virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) (Vivek Goyal) [Orabug: 33816690] {CVE-2022-0358}
- acpi: validate hotplug selector on access (Michael S. Tsirkin) [Orabug: 33816625] {CVE-2021-4158}
- Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947}
- hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug:
32439466] {CVE-2021-20196}
- hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196}
- net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug:
32559476] {CVE-2021-20203}
- lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug:
33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713}
- usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682}
- hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug:
33548490] {CVE-2021-3930}
- e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257}
- pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608}
- pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607}
- hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582}
- vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
- vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
- vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545}
- usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
- usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
- mptsas: Remove unused MPTSASState 'pending' field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392}
- e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257}
- Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661}
- imx7-ccm: add digprog mmio write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- tz-ppc: add dummy read/write methods (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- spapr_pci: add spapr msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- nvram: add nrf51_soc flash read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- prep: add ppc-parity write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- vfio: add quirk device write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- pci-host: designware: add pcie-msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- hw/pci-host: add pci-intack write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
- hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register (Philippe Mathieu-Daude) [Orabug: 32470471] {CVE-2021-20221}
- memory: clamp cached translation in case it points to an MMIO region (Paolo Bonzini) [Orabug: 32252673] {CVE-2020-27821}
- hw/sd/sdhci: Fix DMA Transfer Block Size field (Philippe Mathieu-Daude) [Orabug: 32613470] {CVE-2021-3409}
- 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181}
- ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug:
32393835] {CVE-2020-29443}
- Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808}
- block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947}
- net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617}
- Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723}
- hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}
- libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}
- Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624}
- ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}
- hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
- hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
- hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
- hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
- usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364}
- Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415}
- hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863}
- hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092}
- hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug:
31414336] {CVE-2020-13253}
- hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
- libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756}
- Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608}
- Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824}
- exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659}
- megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362}
- memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791}
- Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765}
- ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800}
- es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361}
- ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869}
- libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983}
- Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034}
- libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608}
- vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382}
- iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711}
- Update to 0.4.2, to address potential symlink vulnerabilities (CVE-2020-28407).
Resolves: rhbz#1906043

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2024-12605.html

Plugin Details

Severity: High

ID: 206427

File Name: oraclelinux_ELSA-2024-12605.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/2/2024

Updated: 11/2/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3750

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter, p-cpe:/a:oracle:linux:nbdkit-linuxdisk-plugin, p-cpe:/a:oracle:linux:libguestfs-xfs, p-cpe:/a:oracle:linux:libnbd-bash-completion, p-cpe:/a:oracle:linux:virt-v2v, p-cpe:/a:oracle:linux:libnbd, p-cpe:/a:oracle:linux:nbdkit-curl-plugin, p-cpe:/a:oracle:linux:libnbd-devel, p-cpe:/a:oracle:linux:libguestfs-rescue, p-cpe:/a:oracle:linux:libtpms-devel, p-cpe:/a:oracle:linux:hivex, p-cpe:/a:oracle:linux:libvirt-daemon-driver-network, p-cpe:/a:oracle:linux:seabios-bin, p-cpe:/a:oracle:linux:nbdkit-gzip-filter, p-cpe:/a:oracle:linux:libguestfs, p-cpe:/a:oracle:linux:libguestfs-gobject, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath, p-cpe:/a:oracle:linux:libguestfs-winsupport, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev, p-cpe:/a:oracle:linux:libguestfs-appliance, p-cpe:/a:oracle:linux:nbdkit-python-plugin, p-cpe:/a:oracle:linux:supermin-devel, p-cpe:/a:oracle:linux:seavgabios-bin, p-cpe:/a:oracle:linux:seabios, p-cpe:/a:oracle:linux:libguestfs-java, p-cpe:/a:oracle:linux:libvirt-devel, p-cpe:/a:oracle:linux:netcf-devel, p-cpe:/a:oracle:linux:qemu-virtiofsd, p-cpe:/a:oracle:linux:swtpm-tools, p-cpe:/a:oracle:linux:qemu-kvm-block-iscsi, p-cpe:/a:oracle:linux:swtpm-libs, p-cpe:/a:oracle:linux:python3-hivex, p-cpe:/a:oracle:linux:libvirt-daemon, p-cpe:/a:oracle:linux:nbdkit-basic-filters, p-cpe:/a:oracle:linux:ruby-hivex, p-cpe:/a:oracle:linux:libiscsi-utils, p-cpe:/a:oracle:linux:python3-libnbd, p-cpe:/a:oracle:linux:libguestfs-gfs2, p-cpe:/a:oracle:linux:libiscsi-devel, p-cpe:/a:oracle:linux:sgabios-bin, p-cpe:/a:oracle:linux:libguestfs-bash-completion, p-cpe:/a:oracle:linux:qemu-kvm-block-gluster, p-cpe:/a:oracle:linux:ruby-libguestfs, p-cpe:/a:oracle:linux:netcf, p-cpe:/a:oracle:linux:libvirt-lock-sanlock, p-cpe:/a:oracle:linux:libguestfs-rsync, p-cpe:/a:oracle:linux:libguestfs-javadoc, p-cpe:/a:oracle:linux:nbdkit-tar-filter, p-cpe:/a:oracle:linux:virt-dib, p-cpe:/a:oracle:linux:libvirt-nss, p-cpe:/a:oracle:linux:libguestfs-tools-c, p-cpe:/a:oracle:linux:perl-sys-guestfs, cpe:/a:oracle:linux:8::kvm_appstream, p-cpe:/a:oracle:linux:nbdkit-gzip-plugin, p-cpe:/a:oracle:linux:libvirt, p-cpe:/a:oracle:linux:virt-v2v-man-pages-uk, p-cpe:/a:oracle:linux:nbdkit, p-cpe:/a:oracle:linux:qemu-kvm-block-ssh, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster, p-cpe:/a:oracle:linux:libvirt-libs, p-cpe:/a:oracle:linux:nbdkit-tmpdisk-plugin, p-cpe:/a:oracle:linux:libvirt-daemon-config-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu, p-cpe:/a:oracle:linux:nbdkit-vddk-plugin, p-cpe:/a:oracle:linux:swtpm-tools-pkcs11, p-cpe:/a:oracle:linux:libiscsi, p-cpe:/a:oracle:linux:libvirt-dbus, p-cpe:/a:oracle:linux:qemu-kvm, p-cpe:/a:oracle:linux:swtpm-devel, p-cpe:/a:oracle:linux:libguestfs-gobject-devel, p-cpe:/a:oracle:linux:hivex-devel, p-cpe:/a:oracle:linux:libguestfs-tools, p-cpe:/a:oracle:linux:qemu-kvm-block-rbd, p-cpe:/a:oracle:linux:libguestfs-devel, p-cpe:/a:oracle:linux:nbdkit-basic-plugins, p-cpe:/a:oracle:linux:python3-libguestfs, p-cpe:/a:oracle:linux:libguestfs-inspect-icons, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:oracle:linux:libguestfs-man-pages-uk, p-cpe:/a:oracle:linux:perl-sys-virt, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:oracle:linux:python3-libvirt, p-cpe:/a:oracle:linux:sgabios, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core, p-cpe:/a:oracle:linux:nbdkit-server, p-cpe:/a:oracle:linux:nbdkit-example-plugins, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage, p-cpe:/a:oracle:linux:qemu-kvm-common, p-cpe:/a:oracle:linux:lua-guestfs, p-cpe:/a:oracle:linux:libvirt-wireshark, p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:oracle:linux:netcf-libs, p-cpe:/a:oracle:linux:libtpms, p-cpe:/a:oracle:linux:nbdkit-devel, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi-direct, p-cpe:/a:oracle:linux:qemu-img, p-cpe:/a:oracle:linux:swtpm, p-cpe:/a:oracle:linux:qemu-kvm-block-curl, p-cpe:/a:oracle:linux:qemu-kvm-core, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:perl-hivex, p-cpe:/a:oracle:linux:nbdkit-nbd-plugin, p-cpe:/a:oracle:linux:libvirt-daemon-kvm, p-cpe:/a:oracle:linux:nbdkit-xz-filter, p-cpe:/a:oracle:linux:qemu-guest-agent, p-cpe:/a:oracle:linux:libguestfs-man-pages-ja, p-cpe:/a:oracle:linux:nbdkit-tar-plugin, p-cpe:/a:oracle:linux:nbdkit-bash-completion, p-cpe:/a:oracle:linux:libguestfs-java-devel, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:oracle:linux:nbdkit-ssh-plugin, p-cpe:/a:oracle:linux:virt-v2v-bash-completion, p-cpe:/a:oracle:linux:libvirt-docs, p-cpe:/a:oracle:linux:nbdfuse, p-cpe:/a:oracle:linux:virt-v2v-man-pages-ja, p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface, p-cpe:/a:oracle:linux:supermin, p-cpe:/a:oracle:linux:libvirt-client

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2024

Vulnerability Publication Date: 3/3/2022

Reference Information

CVE: CVE-2021-3638, CVE-2021-3750, CVE-2023-0664, CVE-2023-3019, CVE-2023-40360, CVE-2023-4135, CVE-2023-42467, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2024-1441, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447, CVE-2024-3567, CVE-2024-4418

IAVA: 2024-A-0184