发布于3月6日3月6日 Members SUSE: CVE-2024-4467: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 08/22/2024 Added 08/21/2024 Modified 08/28/2024 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-pipewire suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-doc suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-headless suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-img suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-linux-user suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-pr-helper suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-spice suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2024-4467 CVE - 2024-4467
