|Category:||Huawei EulerOS Local Security Checks|
|Title:||Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-2392)|
|Summary:||The remote host is missing an update for the Huawei EulerOS; 'qemu-kvm' package(s) announced via the EulerOS-SA-2020-2392 advisory.|
The remote host is missing an update for the Huawei EulerOS
'qemu-kvm' package(s) announced via the EulerOS-SA-2020-2392 advisory.
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.(CVE-2019-20382)
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.(CVE-2019-15890)
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.(CVE-2020-14364)
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.(CVE-2020-15863)
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.(CVE-2014-3689)
'qemu-kvm' package(s) on Huawei EulerOS V2.0SP2.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2014-3689|
Debian Security Information: DSA-3066 (Google Search)
Debian Security Information: DSA-3067 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.