rpm package

almalinux/libvirt-daemon-driver-storage-mpath

pkg:rpm/almalinux/libvirt-daemon-driver-storage-mpath

Vulnerabilities (75)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-4158	—	< 8.0.0-5.module_el8.6.0+2880+7d9e3703	8.0.0-5.module_el8.6.0+2880+7d9e3703	Aug 24, 2022	A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3975	—	< 8.0.0-5.module_el8.6.0+2880+7d9e3703	8.0.0-5.module_el8.6.0+2880+7d9e3703	Aug 23, 2022	A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
CVE-2022-30789	—	< 8.0.0-19.module_el8.8.0+3553+bd08596b	8.0.0-19.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788	—	< 8.0.0-19.module_el8.8.0+3553+bd08596b	8.0.0-19.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786	—	< 8.0.0-19.module_el8.8.0+3553+bd08596b	8.0.0-19.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784	—	< 8.0.0-19.module_el8.8.0+3553+bd08596b	8.0.0-19.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3750	—	< 8.0.0-22.module_el8.9.0+3662+ef5fc290	8.0.0-22.module_el8.9.0+3662+ef5fc290	May 2, 2022	A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790	—	< 8.0.0-19.module_el8.8.0+3553+bd08596b	8.0.0-19.module_el8.8.0+3553+bd08596b	May 2, 2022	ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206	—	< 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207	—	< 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2022-0897	—	< 8.5.0-7.el9_1	8.5.0-7.el9_1	Mar 25, 2022	A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilt
CVE-2021-3748	—	< 8.0.0-5.module_el8.6.0+2880+7d9e3703	8.0.0-5.module_el8.6.0+2880+7d9e3703	Mar 23, 2022	A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2021-20257	—	< 6.0.0-37.module_el8.5.0+2608+72063365	6.0.0-37.module_el8.5.0+2608+72063365	Mar 16, 2022	An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
CVE-2022-26354	—	< 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	Mar 16, 2022	A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353	—	< 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	8.0.0-5.2.module_el8.6.0+3071+a07c0ea5	Mar 16, 2022	A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716	—	< 8.0.0-5.module_el8.6.0+2880+7d9e3703	8.0.0-5.module_el8.6.0+2880+7d9e3703	Mar 2, 2022	A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th
CVE-2021-3667	—	< 6.0.0-37.module_el8.5.0+2608+72063365	6.0.0-37.module_el8.5.0+2608+72063365	Mar 2, 2022	An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
CVE-2021-3631	—	< 6.0.0-37.module_el8.5.0+2608+72063365	6.0.0-37.module_el8.5.0+2608+72063365	Mar 2, 2022	A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
CVE-2021-3930	—	< 6.0.0-37.module_el8.5.0+2608+72063365	6.0.0-37.module_el8.5.0+2608+72063365	Feb 18, 2022	An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
CVE-2021-4145	—	< 8.0.0-5.module_el8.6.0+2880+7d9e3703	8.0.0-5.module_el8.6.0+2880+7d9e3703	Jan 25, 2022	A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra

CVE-2021-4158Aug 24, 2022
affected < 8.0.0-5.module_el8.6.0+2880+7d9e3703fixed 8.0.0-5.module_el8.6.0+2880+7d9e3703
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3975Aug 23, 2022
affected < 8.0.0-5.module_el8.6.0+2880+7d9e3703fixed 8.0.0-5.module_el8.6.0+2880+7d9e3703
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
CVE-2022-30789May 26, 2022
affected < 8.0.0-19.module_el8.8.0+3553+bd08596bfixed 8.0.0-19.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788May 26, 2022
affected < 8.0.0-19.module_el8.8.0+3553+bd08596bfixed 8.0.0-19.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786May 26, 2022
affected < 8.0.0-19.module_el8.8.0+3553+bd08596bfixed 8.0.0-19.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784May 26, 2022
affected < 8.0.0-19.module_el8.8.0+3553+bd08596bfixed 8.0.0-19.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3750May 2, 2022
affected < 8.0.0-22.module_el8.9.0+3662+ef5fc290fixed 8.0.0-22.module_el8.9.0+3662+ef5fc290
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790May 2, 2022
affected < 8.0.0-19.module_el8.8.0+3553+bd08596bfixed 8.0.0-19.module_el8.8.0+3553+bd08596b
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206Apr 29, 2022
affected < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5fixed 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207Apr 29, 2022
affected < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5fixed 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2022-0897Mar 25, 2022
affected < 8.5.0-7.el9_1fixed 8.5.0-7.el9_1
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilt
CVE-2021-3748Mar 23, 2022
affected < 8.0.0-5.module_el8.6.0+2880+7d9e3703fixed 8.0.0-5.module_el8.6.0+2880+7d9e3703
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2021-20257Mar 16, 2022
affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
CVE-2022-26354Mar 16, 2022
affected < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5fixed 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353Mar 16, 2022
affected < 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5fixed 8.0.0-5.2.module_el8.6.0+3071+a07c0ea5
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716Mar 2, 2022
affected < 8.0.0-5.module_el8.6.0+2880+7d9e3703fixed 8.0.0-5.module_el8.6.0+2880+7d9e3703
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th
CVE-2021-3667Mar 2, 2022
affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
CVE-2021-3631Mar 2, 2022
affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
CVE-2021-3930Feb 18, 2022
affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
CVE-2021-4145Jan 25, 2022
affected < 8.0.0-5.module_el8.6.0+2880+7d9e3703fixed 8.0.0-5.module_el8.6.0+2880+7d9e3703
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra

Page 2 of 4