Red Hat Enterprise Linux 8.2: RHSA-2022-0973 QEMU-KVM Privilege Escalation
red hat
March 21, 2022
An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.2
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
Kernel-based Virtual Machine (KVM) offers a full virtualization solution
for
Linux on numerous hardware platforms. The virt:rhel module contains
packages
which provide user-space components used to run virtual machines using KVM.
The
packages also provide APIs for managing and interacting with the
virtualized
systems.
Security Fix(es):
* QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
(CVE-2022-0358)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2022-0358 https://access.redhat.com/security/updates/classification#moderate
Package List
Advanced Virtualization for RHEL 8.2.1:
Source:
SLOF-20191022-3.git899d9883.module+el8.2.0+5449+efc036dd.src.rpm
hivex-1.3.18-20.module+el8.2.0+5588+63a201c3.src.rpm
libguestfs-1.40.2-24.module+el8.2.1+7154+47ffd890.src.rpm
libguestfs-winsupport-8.2-2.module+el8.2.1+12663+d52ebc0d.src.rpm
libiscsi-1.18.0-8.module+el8.2.0+4793+b09dd2fb.src.rpm
libnbd-1.2.2-1.module+el8.2.0+5644+32ac38d4.src.rpm
libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.2.0+4793+b09dd2fb.src.rpm
libvirt-6.0.0-25.6.module+el8.2.1+12457+868e9540.src.rpm
libvirt-dbus-1.3.0-2.module+el8.2.0+4793+b09dd2fb.src.rpm
libvirt-python-6.0.0-1.module+el8.2.0+5453+31b2b136.src.rpm
nbdkit-1.16.2-4.module+el8.2.1+6710+effcb1df.src.rpm
netcf-0.2.8-12.module+el8.2.0+4793+b09dd2fb.src.rpm
perl-Sys-Virt-6.0.0-1.module+el8.2.0+5488+267def79.src.rpm
python-pyvmomi-6.7.1-7.module+el8.2.0+4793+b09dd2fb.src.rpm
qemu-kvm-4.2.0-29.module+el8.2.1+14195+13a89360.11.src.rpm
seabios-1.13.0-2.module+el8.2.1+7284+aa32a2c4.src.rpm
sgabios-0.20170427git-3.module+el8.2.0+4793+b09dd2fb.src.rpm
supermin-5.1.19-10.module+el8.2.0+4793+b09dd2fb.src.rpm
swtpm-0.2.0-2.20200127gitff5a83b.module+el8.2.0+5579+d71178e0.src.rpm
virglrenderer-0.8.2-1.module+el8.2.0+5777+d9c2af8c.src.rpm
aarch64:
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2022:0973-01
Product: Advanced Virtualization
Advisory URL: Issue date: 2022-03-21
Topic
An update for the virt:av and virt-devel:av modules is now available forRed Hat Enterprise Linux Advanced Virtualization 8.2.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Advanced Virtualization CodeReady Builder for RHEL 8.2.1 - aarch64, ppc64le, s390x, x86_64
Advanced Virtualization for RHEL 8.2.1 - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
2044863 - CVE-2022-0358 QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!