发布于3月6日3月6日 Members Amazon Linux AMI 2: CVE-2023-0330: Security patch for qemu (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 03/06/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. Solution(s) amazon-linux-ami-2-upgrade-ivshmem-tools amazon-linux-ami-2-upgrade-qemu amazon-linux-ami-2-upgrade-qemu-audio-alsa amazon-linux-ami-2-upgrade-qemu-audio-oss amazon-linux-ami-2-upgrade-qemu-audio-pa amazon-linux-ami-2-upgrade-qemu-audio-sdl amazon-linux-ami-2-upgrade-qemu-block-curl amazon-linux-ami-2-upgrade-qemu-block-dmg amazon-linux-ami-2-upgrade-qemu-block-iscsi amazon-linux-ami-2-upgrade-qemu-block-nfs amazon-linux-ami-2-upgrade-qemu-block-rbd amazon-linux-ami-2-upgrade-qemu-block-ssh amazon-linux-ami-2-upgrade-qemu-common amazon-linux-ami-2-upgrade-qemu-debuginfo amazon-linux-ami-2-upgrade-qemu-guest-agent amazon-linux-ami-2-upgrade-qemu-img amazon-linux-ami-2-upgrade-qemu-kvm amazon-linux-ami-2-upgrade-qemu-kvm-core amazon-linux-ami-2-upgrade-qemu-system-aarch64 amazon-linux-ami-2-upgrade-qemu-system-aarch64-core amazon-linux-ami-2-upgrade-qemu-system-x86 amazon-linux-ami-2-upgrade-qemu-system-x86-core amazon-linux-ami-2-upgrade-qemu-ui-curses amazon-linux-ami-2-upgrade-qemu-ui-gtk amazon-linux-ami-2-upgrade-qemu-ui-sdl amazon-linux-ami-2-upgrade-qemu-user amazon-linux-ami-2-upgrade-qemu-user-binfmt amazon-linux-ami-2-upgrade-qemu-user-static References https://attackerkb.com/topics/cve-2023-0330 AL2/ALAS-2023-2148 AL2/ALAS-2023-2191 CVE - 2023-0330
