QEMU VM Escape (CVE-2019-14378)

[Proxygen]

I understand the problem is deeper down the stack, but is there anything we can do mitigate this vuln?

https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/

 

[Stoiko Ivanov]

this should be fixed in pve-qemu-kvm (>= 4.0.0-4), which is available on PVE-6 (already on the enterprise repo) - see `apt changelog pve-qemu-kvm`

I hope this helps!

 

[spirit]

"The bug was found in the packet reassembly in SLiRP."

So this is only if you use the old "nat" mode on vm interface from proxmox <4.
bridge network is not impacted.