Nixpkgs security tracker
6.8 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
References
Affected products
- <9.1.0
Matching in nixpkgs
pkgs.qemu
Generic and open source machine emulator and virtualizer
pkgs.qemu_kvm
Generic and open source machine emulator and virtualizer
pkgs.qemu_xen
Generic and open source machine emulator and virtualizer
pkgs.qemu-user
QEMU User space emulator - launch executables compiled for one CPU on another CPU
pkgs.qemu_full
Generic and open source machine emulator and virtualizer
pkgs.qemu_test
Generic and open source machine emulator and virtualizer
pkgs.qemu-utils
Generic and open source machine emulator and virtualizer
pkgs.canokey-qemu
CanoKey QEMU Virt Card
-
nixos-unstable 0-unstable-2023-06-06
- nixpkgs-unstable 0-unstable-2023-06-06
- nixos-unstable-small 0-unstable-2023-06-06
pkgs.ubootQemuX86
Boot loader for embedded systems
-
nixos-unstable x86_defconfig-2024.10
- nixpkgs-unstable x86_defconfig-2024.10
- nixos-unstable-small x86_defconfig-2024.10
pkgs.ubootQemuX86_64
Boot loader for embedded systems
pkgs.ubootQemuAarch64
Boot loader for embedded systems
-
nixos-unstable qemu_arm64_defconfig-2024.10
- nixpkgs-unstable qemu_arm64_defconfig-2024.10
- nixos-unstable-small qemu_arm64_defconfig-2024.10
pkgs.qemu-python-utils
Python tooling used by the QEMU project to build, configure, and test QEMU
pkgs.armTrustedFirmwareQemu
Reference implementation of secure world software for ARMv8-A
pkgs.python311Packages.qemu
Python tooling used by the QEMU project to build, configure, and test QEMU
pkgs.python312Packages.qemu
Python tooling used by the QEMU project to build, configure, and test QEMU
pkgs.python313Packages.qemu
Python tooling used by the QEMU project to build, configure, and test QEMU
Package maintainers
-
@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
-
@oxalica oxalica <oxalicc@pm.me>
-
@devplayer0 Jack O'Sullivan <dev@nul.ie>
-
@DavHau David Hauer <d.hauer.it@gmail.com>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
-
@bartsch Daniel Martin <consume.noise@gmail.com>