Oracle Linux 7 : olcne (ELSA-2022-9491)
Discription

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9491 advisory.

– A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor’s address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. (CVE-2021-3748)

– A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. (CVE-2022-26353)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news: