qemu-kvm-9.0.0-10.el9_5.3
エラータID: AXSA:2025-9924:02
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
* QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx() (CVE-2023-6693)
* qemu-kvm: net: assertion failure in update_sctp_checksum() (CVE-2024-3567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-6693
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
CVE-2024-3567
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
Update packages.
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
N/A
SRPMS
- qemu-kvm-9.0.0-10.el9_5.3.src.rpm
MD5: 8a058a64e26396c08a092496d90a08f1
SHA-256: efdc9f6290937b1529e8a47ee61ee20ff9f08d5542d0f446a4b5a73d5511e834
Size: 124.25 MB
Asianux Server 9 for x86_64
- qemu-guest-agent-9.0.0-10.el9_5.3.x86_64.rpm
MD5: ef0aa55c0951b8f212987b354efa04f0
SHA-256: 86db7798c876194c2319948b4781d564b7bda87976f81e1f4279cace84055132
Size: 486.18 kB - qemu-img-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 2b447698e7dd5fea6697370b11f6aa5a
SHA-256: 7a09a7c5d05d62c3d58e55dece223f6a35f3198c2653a91d7e5915484bd60426
Size: 2.48 MB - qemu-kvm-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 876c1707a7b9ab5abf778d5ae09d9d9c
SHA-256: adcfac1761ad68124c410a903e0cf43dc7ce5163796af7153e00ced0818aa804
Size: 56.64 kB - qemu-kvm-audio-pa-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 6fc1a7611106b29fd94864d6ef8a6a1b
SHA-256: 9c3dc4ba419eff8db8a74770f616ebce1644565ffabb47a92ec941d8ccd67d44
Size: 65.85 kB - qemu-kvm-block-blkio-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 92c7b1115ef35e441b3ca45244393700
SHA-256: 89789f42a8eac7578802f101918aa7433ef50fdb8c5839e0fe48bcd0b527d8ef
Size: 68.65 kB - qemu-kvm-block-curl-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 829b2365507354ab2497fb5db13867a6
SHA-256: 1719233794969de7a69e3c3d50362b6c413734be187d10a449a50d81bbce12d0
Size: 68.03 kB - qemu-kvm-block-rbd-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 28cf05eb1b8c2ab196d3a6416053b1a2
SHA-256: ed9cd2a37ca886c1e8fd0320a66b5f2162dc3eb251b78282eabd6e93fb67f681
Size: 71.28 kB - qemu-kvm-common-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 4ca902c2dfcd3949490cc3a516a4dfaa
SHA-256: 396e3c5841dd01acf996a09d4c4ca0c565a3a9bedb2483872fbee0ab42f34aa4
Size: 677.96 kB - qemu-kvm-core-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 4b89323aba2a016dc710aa78ddb044a2
SHA-256: a4da28907a097659143051f3faa997f57e28e28460224d54848d29eb0701096a
Size: 4.83 MB - qemu-kvm-device-display-virtio-gpu-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 4b9c70d6f1995f4757c5b5b7f9cf6c33
SHA-256: 4b8c0ffeb317504f8d3e9b9efe483a45d498a0e203ccdf08d58b118c23da3c88
Size: 77.35 kB - qemu-kvm-device-display-virtio-gpu-pci-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 573d22dff6138072a14eae8231d874ba
SHA-256: f2f71363c19f32ba65fecb7b2eb87ad265fa4c5457d7bb37fd8f29acdeee7af6
Size: 60.80 kB - qemu-kvm-device-display-virtio-vga-9.0.0-10.el9_5.3.x86_64.rpm
MD5: a1466d1a6261b8e9093ca30a6ea7c167
SHA-256: 1a35cb79aab26fcd544f1c553155c0a2b5ba4b9a9463cd86ab58a1a3720f60fc
Size: 62.23 kB - qemu-kvm-device-usb-host-9.0.0-10.el9_5.3.x86_64.rpm
MD5: d80c689ceca567a42580e2819f9636da
SHA-256: 69cbf54de4035f5d8908e8d7e4bdb4402ec67c405c7abe9138c458e278ee9629
Size: 75.15 kB - qemu-kvm-device-usb-redirect-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 505f42af5ecb23c9f18fd41ffe0198aa
SHA-256: da7b209ff412589f934e9a5921724d21ea2b3ca995771355aac0333df848d98f
Size: 79.96 kB - qemu-kvm-docs-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 09bd55525c4f5133a084f87afb19f9a9
SHA-256: 6cb8e4b65cea0fd9c8681c2610f81941e4730e82e7905b115d344132cc69e65d
Size: 1.26 MB - qemu-kvm-tools-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 79252b55cb7058259e6e8b5ba07f450e
SHA-256: 86710b1556e1cf839be0011597a3b08bbf016194b2456d4d93eb02628292095d
Size: 580.80 kB - qemu-kvm-ui-egl-headless-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 7bf1a1cf9bb10cdee804dadcf4c1cf14
SHA-256: cbd9dff1edbe0a4e47d38ed8451d45337db890583b8cdff23100fda8b1313f41
Size: 61.55 kB - qemu-kvm-ui-opengl-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 84a0e4ff5dd2715e5384210d47a27e05
SHA-256: bbc6ce35ef77f3144033055aa88ab319022d78464145ca694d5041800a2993d6
Size: 68.69 kB - qemu-pr-helper-9.0.0-10.el9_5.3.x86_64.rpm
MD5: 413e5159cc95697599f7b1025ee78be5
SHA-256: 8e974f37c72ad9a5196e5adeabba37f08c2441d9ac421ff9062d9f13639ed2f3
Size: 489.88 kB
日本語