Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Accepted

Filter by:

With package: qemu-utils

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2024-8612

3.8 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 year, 4 months ago by @fricklerhandwerk Activity log

Created automatic suggestion 1 year, 4 months ago
@fricklerhandwerk accepted 1 year, 4 months ago

Qemu-kvm: information leak in virtio devices

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

References

https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87…
https://security.netapp.com/advisory/ntap-20241108-0006/
https://access.redhat.com/security/cve/CVE-2024-8612 vdb-entryx_refsource_REDHAT
RHBZ#2313760 x_refsource_REDHATissue-tracking
https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87…
https://security.netapp.com/advisory/ntap-20241108-0006/

Affected products

qemu

*

qemu-kvm

qemu-kvm-ma

virt:av/qemu-kvm

virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@alyssais Alyssa Ross <hi@alyssa.is>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@hehongbo Hongbo

1