In the case of CVE-2019-5497, when the guest crashes the QEMU process on the host, the crash could potentially result in the host OS or other VMs being compromised due to the possibility of remote code execution. This is a similar issue to CVE-2019-5498, which was fixed in QEMU in version 1.1.11. Note that as with CVE-2019-5498, this issue is only exploitable when running QEMU on the host where the vulnerable controller is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

RCE was found in the handling of RDMA message buffers in the VFIO driver for Virtio network devices. An attacker could leverage this to create a malicious guest VM, where the attacker controlled VM would cause the QEMU process on the host to crash resulting in a remote code execution. This is a similar issue to CVE-2019-5499, which was fixed in QEMU in version 1.1.11. This issue is only exploitable when running QEMU on the host where the vulnerable network device is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

Improving Update and Security Behavior

CVE-2021-3928 is a similar issue to CVE-2019-5498, which was fixed in QEMU in version 1.1.11. However, this issue would only be exploitable when running QEMU on the host where the vulnerable controller is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

RCE was found in the handling of RDMA message buffers in the VFIO driver for Virtio network devices. An attacker could leverage this to create a malicious guest VM, where the attacker controlled VM would cause the QEMU process on the host to crash resulting in a remote code execution. This is a similar issue to CVE-2019-5499, which was fixed in QEMU in version 1.1.11. This issue is only exploitable when running QEMU on the host where the vulnerable network device is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

CVE-2019-5498

In the case of CVE-2019-5498, when the guest crashes the QEMU process on the host, the crash could potentially result in exploitation of a buffer overflow vulnerability. This is a similar issue to CVE-2019-5499, which was fixed in QEMU in version 1.1.11. Note that as with CVE-2019-5498, this issue is only exploitable when running QEMU on the host where the vulnerable controller is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

CVE-2019-5497 - VFIO RCE

In the case of CVE-2019-5497, when the guest crashes the QEMU process on the host, the crash could potentially result in the host OS or other VMs being compromised due to the possibility of remote code execution. This is a similar issue to CVE-2019-5498, which was fixed in QEMU in version 1.1.11. Note that as with CVE-2019-5498, this issue is only exploitable when running QEMU on the host where the vulnerable controller is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

RCE was found in the handling of RDMA message buffers in the VFIO driver for Virtio network devices. An attacker could leverage this to create a malicious guest VM, where the attacker controlled VM would cause the QEMU process on the host to crash resulting in a remote code execution. This is a similar issue to CVE-2019-5499, which was fixed in QEMU in version 1.1.11. This issue is only exploitable when running QEMU on the host where the vulnerable network device is emulated. End users running QEMU on a virtual machine are not at risk of these issues as QEMU is a single-user application.

Timeline

Published on: 08/25/2022 20:15:00 UTC
Last modified on: 09/23/2022 03:15:00 UTC

References