First published: Fri May 10 2024
A flaw was found in QEMU in the Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest-triggerable crash via vhost_net_stop(). The original patch [1] was found to be incomplete and is currently being reworked upstream [2][3].

[1] https://gitlab.com/qemu-project/qemu/-/commit/fcbb086ae590e910614fe5b8bf76e264f71ef304
[2] https://gitlab.com/qemu-project/qemu/-/issues/2321
[3] https://gitlab.com/qemu-project/qemu/-/issues/2334
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |