Moderate: virt:rhel and virt-devel:rhel security and bug fix update

2023-06-2700:00:00

Google

osv.dev

kvm

linux

virtualization

memory leak

log spamming

bug fix

rhel

libvirt

api

hardware platforms

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

libvirt: Memory leak in virPCIVirtualFunctionList cleanup (CVE-2023-2700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Logs are spammed with ’ Domain id=7 is tainted: custom-ga-command’ message (BZ#2180030)
[qemu] snapshot is failing with error libvirt.libvirtError: internal error: QEMU monitor reply exceeds buffer size (10485760 bytes) (BZ#2181575)