CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 5.6 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS: 0.017 Low
Percentile: 87.7%

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly
This update fixes the following bug:
Users of qemu-kvm are advised to upgrade to these updated packages. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | qemu-kvm-common-rhev | < 2.12.0-18.el7_6.11 | qemu-kvm-common-rhev-2.12.0-18.el7_6.11.x86_64.rpm |
RedHat | 7 | x86_64 | qemu-kvm-tools-rhev | < 2.12.0-18.el7_6.11 | qemu-kvm-tools-rhev-2.12.0-18.el7_6.11.x86_64.rpm |
RedHat | 7 | x86_64 | qemu-kvm-rhev-debuginfo | < 2.12.0-18.el7_6.11 | qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.11.x86_64.rpm |
RedHat | 7 | x86_64 | qemu-img-rhev | < 2.12.0-18.el7_6.11 | qemu-img-rhev-2.12.0-18.el7_6.11.x86_64.rpm |
RedHat | 7 | x86_64 | qemu-kvm-rhev | < 2.12.0-18.el7_6.11 | qemu-kvm-rhev-2.12.0-18.el7_6.11.x86_64.rpm |
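
To check a host against the table above, the installed version-release has to be compared the way RPM orders versions, not as plain strings (as text, `el7_6.9` sorts after `el7_6.11`). The following is an added example, not part of the advisory or of Red Hat tooling: it implements RPM's segment-wise comparison without `~`/`^` handling, ignores the epoch (the table lists none), and runs on constructed sample output in the assumed format `NAME VERSION-RELEASE`.

```python
import re

# Fixed version-release and package names, taken from the advisory table.
FIXED = "2.12.0-18.el7_6.11"
PACKAGES = {"qemu-kvm-common-rhev", "qemu-kvm-tools-rhev",
            "qemu-kvm-rhev-debuginfo", "qemu-img-rhev", "qemu-kvm-rhev"}

def _segments(s):
    # RPM compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using RPM's segment-wise ordering (no '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare: 9 < 11
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(rpm_query_output):
    """Return sorted names of advisory packages installed below FIXED."""
    stale = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and vr_cmp(parts[1], FIXED) < 0:
            stale.append(parts[0])
    return sorted(stale)

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
qemu-kvm-rhev 2.12.0-18.el7_6.9
qemu-img-rhev 2.12.0-18.el7_6.11
qemu-kvm-common-rhev 2.12.0-33.el7
bash 4.2.46-34.el7
"""

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```

An empty result only shows that the packages on disk are updated; as the advisory states, virtual machines started before the update must be shut down and started again for it to take effect.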