rpm package

almalinux/libguestfs-rescue

pkg:rpm/almalinux/libguestfs-rescue

Vulnerabilities (63)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-30786	—	< 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784	—	< 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	May 26, 2022	A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3750	—	< 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	May 2, 2022	A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790	—	< 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma	May 2, 2022	ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2021-3748	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Mar 23, 2022	A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2021-20257	—	< 1:1.40.2-28.module_el8.5.0+2608+72063365.alma	1:1.40.2-28.module_el8.5.0+2608+72063365.alma	Mar 16, 2022	An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
CVE-2022-26354	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Mar 16, 2022	A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Mar 16, 2022	A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Mar 2, 2022	A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th
CVE-2021-3667	—	< 1:1.40.2-28.module_el8.5.0+2608+72063365.alma	1:1.40.2-28.module_el8.5.0+2608+72063365.alma	Mar 2, 2022	An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
CVE-2021-3631	—	< 1:1.40.2-28.module_el8.5.0+2608+72063365.alma	1:1.40.2-28.module_el8.5.0+2608+72063365.alma	Mar 2, 2022	A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
CVE-2021-3930	—	< 1:1.40.2-28.module_el8.5.0+2608+72063365.alma	1:1.40.2-28.module_el8.5.0+2608+72063365.alma	Feb 18, 2022	An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
CVE-2021-4145	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Jan 25, 2022	A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra
CVE-2021-3622	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Dec 23, 2021	A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to s
CVE-2021-39263	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Sep 7, 2021	A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
CVE-2021-39262	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Sep 7, 2021	A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-39261	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Sep 7, 2021	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39260	—	< 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma	Sep 7, 2021	A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

CVE-2022-30786May 26, 2022
affected < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.almafixed 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784May 26, 2022
affected < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.almafixed 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3750May 2, 2022
affected < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.almafixed 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790May 2, 2022
affected < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.almafixed 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206Apr 29, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207Apr 29, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2021-3748Mar 23, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2021-20257Mar 16, 2022
affected < 1:1.40.2-28.module_el8.5.0+2608+72063365.almafixed 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
CVE-2022-26354Mar 16, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353Mar 16, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716Mar 2, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th
CVE-2021-3667Mar 2, 2022
affected < 1:1.40.2-28.module_el8.5.0+2608+72063365.almafixed 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
CVE-2021-3631Mar 2, 2022
affected < 1:1.40.2-28.module_el8.5.0+2608+72063365.almafixed 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
CVE-2021-3930Feb 18, 2022
affected < 1:1.40.2-28.module_el8.5.0+2608+72063365.almafixed 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
CVE-2021-4145Jan 25, 2022
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra
CVE-2021-3622Dec 23, 2021
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to s
CVE-2021-39263Sep 7, 2021
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
CVE-2021-39262Sep 7, 2021
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-39261Sep 7, 2021
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39260Sep 7, 2021
affected < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.almafixed 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

Page 2 of 4