Detections
Analytics
QEMU 7.2.x < 7.2.15, 8.0.x < 8.0.6, 8.1.x < 8.1.6, 8.2.x < 8.2.8, 9.0.x < 9.0.4, 9.1.x < 9.1.1 Information Leak
low Nessus Plugin ID 207835
Language:
Synopsis
The remote host has virtualization software installed that is affected by an information leak.Description
The version of QEMU installed on the remote Windows host is prior to 8.2.1 and therefore vulnerable to the following:A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to QEMU 7.2.15, 8.0.6, 8.1.6, 8.2.8, 9.0.4, 9.1.1 or later.See Also
Plugin Details
Severity: Low
ID: 207835
File Name: qemu_win_9_1_0.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 9/27/2024
Updated: 11/15/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.6
CVSS v2
Risk Factor: Low
Base Score: 1.7
Temporal Score: 1.3
Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N
CVSS Score Source: CVE-2024-8612
CVSS v3
Risk Factor: Low
Base Score: 3.8
Temporal Score: 3.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:qemu:qemu
Required KB Items: installed_sw/QEMU
Exploit Ease: No known exploits are available
Patch Publication Date: 9/19/2024
Vulnerability Publication Date: 9/19/2024
Reference Information
CVE: CVE-2024-8612
IAVB: 2024-B-0141-S