Ubuntu Security Update USN-6954-1: QEMU vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,780
Reaction score
94
Credits
-1,257
Markus Frank and Fiona Ebner discovered that QEMU did not properly handle certain memory operations, leading to a NULL pointer dereference. An authenticated user could potentially use this issue to cause a denial of service. (CVE-2023-6683) Xiao Lei discovered that QEMU did not properly handle certain memory operations when specific features were enabled, which could lead to a stack overflow. An attacker could potentially use this issue to leak sensitive information. (CVE-2023-6693) It was discovered that QEMU had an integer underflow vulnerability in the TI command, which would result in a buffer overflow. An attacker could potentially use this issue to cause a denial of service. (CVE-2024-24474)

Continue reading...
 


Follow Linux.org

Members online


Latest posts

Top