AlmaLinuxALSA-2024:4278Important: qemu-kvm security update
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
13.8%
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
- qemu-kvm: QEMU: ‘qemu-img info’ leads to host file read/write (CVE-2024-4467)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | ppc64le | qemu-img | < 8.2.0-11.el9_4.4 | qemu-img-8.2.0-11.el9_4.4.ppc64le.rpm |
| almalinux | 9 | ppc64le | qemu-guest-agent | < 8.2.0-11.el9_4.4 | qemu-guest-agent-8.2.0-11.el9_4.4.ppc64le.rpm |
| almalinux | 9 | aarch64 | qemu-kvm-tools | < 8.2.0-11.el9_4.4 | qemu-kvm-tools-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-kvm-device-display-virtio-gpu | < 8.2.0-11.el9_4.4 | qemu-kvm-device-display-virtio-gpu-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-pr-helper | < 8.2.0-11.el9_4.4 | qemu-pr-helper-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-kvm-common | < 8.2.0-11.el9_4.4 | qemu-kvm-common-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-kvm-block-curl | < 8.2.0-11.el9_4.4 | qemu-kvm-block-curl-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-img | < 8.2.0-11.el9_4.4 | qemu-img-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-kvm-core | < 8.2.0-11.el9_4.4 | qemu-kvm-core-8.2.0-11.el9_4.4.aarch64.rpm |
| almalinux | 9 | aarch64 | qemu-kvm-docs | < 8.2.0-11.el9_4.4 | qemu-kvm-docs-8.2.0-11.el9_4.4.aarch64.rpm |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
13.8%