1. 漏洞描述

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.

Security Fix(es):

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.(CVE-2023-0330)

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.(CVE-2024-3446)

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.(CVE-2024-3447)

2. 影响范围

3. 影响组件

4. 修复版本

5. 修复方法

方法一：下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存，如 xxx.rpm
2、通过rpm命令升级，如 rpm -Uvh xxx.rpm

方法二：通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包，如 yum install 包名

6. 下载链接

KY3.5.2:

x86_64:

     qemu-help   

     qemu-block-rbd   

     qemu-img   

     qemu-system-riscv   

     qemu-block-curl   

     qemu-system-x86_64   

     qemu-system-arm   

     qemu-block-ssh   

     qemu-seabios   

     qemu-hw-usb-host   

     qemu-guest-agent   

     qemu   

     qemu-system-aarch64   

     qemu-block-iscsi   

aarch64:

     qemu-help   

     qemu-system-x86_64   

     qemu-guest-agent   

     qemu-system-arm   

     qemu   

     qemu-system-riscv   

     qemu-block-iscsi   

     qemu-block-ssh   

     qemu-system-aarch64   

     qemu-img   

     qemu-hw-usb-host   

     qemu-block-rbd   

     qemu-block-curl