REDHAT-BUG-2292089: Use After Free
First published: Wed Jun 12 2024(Updated: )
There is an use-after-free vulnerability in QEMU LSI53C895A SCSI Host Bus Adapter emulation, which can lead to VM escape. The crash noticed in this case is an write to freed memory. But given the complexity of the freed structure, multiple primitives like dereferencing function pointers, etc., should be possible.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2292089?
REDHAT-BUG-2292089 is considered a critical vulnerability due to the potential for VM escape.
How do I fix REDHAT-BUG-2292089?
To fix REDHAT-BUG-2292089, update your QEMU installation to the latest patched version that addresses this vulnerability.
What systems are affected by REDHAT-BUG-2292089?
REDHAT-BUG-2292089 affects systems running QEMU with LSI53C895A SCSI Host Bus Adapter emulation.
What could happen if REDHAT-BUG-2292089 is exploited?
Exploitation of REDHAT-BUG-2292089 can result in a system crash or allow an attacker to escape the guest VM environment.
Is there a workaround for REDHAT-BUG-2292089?
Currently, there are no officially recommended workarounds for REDHAT-BUG-2292089, and the best action is to apply updates.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-6519
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu