CVE-2021-4207

Thanks for the report - we'll look into pulling it in asap!

The issue seems not too bad - IIUC - the guest can ... crash itself ... by a privileged user inside it (and those can simply power it down anyway).

Does anyone know if this affects the default vga or virtio-gpu?

Do I understand it correctly that it only applies if the graphics card is set to SPICE?
IIUC it only affects VMs where the display is set to qxl/spice
 
FWIW, as some other smaller fixes were due to be released anyway, we also included fixes for both CVE-2021-4207 and CVE-2021-4206 in the new pve-qemu-kvm version 6.2.0-6, available on the pvetest repository at the time of writing.
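Since the scope described above is "VMs where the display is set to qxl/spice", an admin will want to know which guests that is. The script below is an added example, not from the thread or from Proxmox; it scans VM config text in the format of /etc/pve/qemu-server/<vmid>.conf for a `vga:` line selecting a qxl display, using constructed sample configs in place of real files.

```shell
#!/bin/sh
# Added example (not from the thread). Flags Proxmox VM configs whose
# "vga:" line selects a qxl/SPICE display, the scope the thread gives
# for CVE-2021-4207. Guests with no vga line (the std default), virtio
# or other display types are not matched.

# Reads one VM config on stdin; returns 0 if it selects a qxl display
# ("vga: qxl", "vga: qxl2".."qxl4", or "vga: type=qxl,memory=32").
uses_qxl_display() {
    # Only the top-level config (before any [snapshot] section)
    # describes the running VM, so stop at the first section header.
    awk '
        /^\[/ { exit }
        /^vga:/ {
            v = $0; sub(/^vga:[ \t]*/, "", v)
            if (v ~ /^(type=)?qxl[2-4]?(,|$)/) found = 1
        }
        END { if (found) exit 0; exit 1 }
    '
}

# Constructed sample configs standing in for real VM config files.
CONF_100='name: desktop
vga: qxl2
ostype: win10'
CONF_101='name: server
vga: type=qxl,memory=32
memory: 2048'
CONF_102='name: virtio
vga: virtio
ostype: l26'
CONF_103='name: nodisplay
ostype: l26
[snap1]
vga: qxl'

# Prints the VMIDs whose config selects a qxl display, one per line.
list_affected() {
    for entry in "100:$CONF_100" "101:$CONF_101" \
                 "102:$CONF_102" "103:$CONF_103"; do
        vmid=${entry%%:*}
        if printf '%s\n' "${entry#*:}" | uses_qxl_display; then
            printf '%s\n' "$vmid"
        fi
    done
}

list_affected
```

On a real node the same check runs as `uses_qxl_display < /etc/pve/qemu-server/100.conf` for each VM, and the node is only fully covered once pve-qemu-kvm 6.2.0-6 or later is installed and the affected guests have been restarted.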
 
Thank you very much!

Doesn't "potentially execute arbitrary code within the context of the QEMU process" mean they could execute code on the host, as the qemu process runs as root?
 
I think they add such things for any heap overflow, as over multiple edges it may become possible for most such things, but that doesn't mean that it's trivial, or even known how to actually do it for this specific case; at least I checked and didn't find anything slightly more specific in that direction.

Anyhow, it's definitely better to have those known holes plugged and be on the safe side.