Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS
Recently, two memory-related flaws were discovered in QEMU, a popular open-source machine emulator and virtualizer. The vulnerabilities, identified as CVE-2024-26327 and CVE-2024-26328, affect QEMU versions 7.1.0 through 8.2.1. Both vulnerabilities stem from mishandling of memory operations within the QEMU codebase.
An attacker could exploit these issues to trigger a buffer overflow or out-of-bounds memory access, potentially crashing the QEMU process and disrupting your virtualized environment.
Overview of QEMU Vulnerabilities
Here’s a closer look at the two critical issues:
Buffer Overflow Vulnerability (CVE-2024-26327)
This vulnerability stems from how the register_vfs function in the hw/pci/pcie_sriov.c file handles the SR-IOV configuration written by a guest. Specifically, the flaw occurs when a guest system writes a number of Virtual Functions (NumVFs) greater than the Total Virtual Functions (TotalVFs) the device allows, leading to a buffer overflow in Virtual Function (VF) implementations. This can result in unpredictable behavior, allowing an attacker to cause a denial of service by crashing the QEMU instance or affecting other VMs on the host.
Out-of-Bounds Memory Access Vulnerability (CVE-2024-26328)
The second issue also involves the register_vfs function in hw/pci/pcie_sriov.c. In this case, the problem arises because NumVFs is not set to PCI_SRIOV_TOTAL_VF, leading to improper interactions with the hw/nvme/ctrl.c module. This mishandling of memory operations can result in out-of-bounds memory access, which attackers could exploit to disrupt service availability.
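To make the missing NumVFs check concrete, here is a small C model written for this article; it is not QEMU's code. It assumes a hypothetical device advertising TotalVFs = 4, uses the SR-IOV capability register offsets from Linux's pci_regs.h, and places a canary directly after the VF table so the overrun can be observed without undefined behavior.

```c
/* Modeled SR-IOV NumVFs handling (added example, not QEMU's code) for the check
 * missing behind CVE-2024-26327; register offsets follow Linux's pci_regs.h. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define PCI_SRIOV_TOTAL_VF 0x0e   /* read-only: VFs the device implements */
#define PCI_SRIOV_NUM_VF   0x10   /* guest-writable: VFs the guest wants enabled */
#define TOTAL_VFS      4          /* hypothetical device advertises TotalVFs = 4 */
#define NEIGHBOUR_LEN  4

typedef struct {
    uint8_t config[0x40];                 /* capability bytes a guest can write */
    /* VF state table sized for TotalVFs, followed by unrelated device state. One
     * flat array keeps the model memory-safe; the real array had no cushion. */
    uint8_t mem[TOTAL_VFS + NEIGHBOUR_LEN];
} sriov_dev;

static sriov_dev dev;                     /* the single modeled device */
static uint16_t cfg_word(const sriov_dev *d, int off)
{
    return (uint16_t)(d->config[off] | (d->config[off + 1] << 8));
}

/* Marks NumVFs slots active. validate == false trusts the guest value, as QEMU
 * 7.1.0 through 8.2.1 did; validate == true rejects NumVFs > TotalVFs instead. */
static int register_vfs(sriov_dev *d, bool validate)
{
    uint16_t num_vfs = cfg_word(d, PCI_SRIOV_NUM_VF);
    if (validate && num_vfs > cfg_word(d, PCI_SRIOV_TOTAL_VF))
        return -1;                        /* refuse the oversized request */
    for (size_t i = 0; i < (size_t)num_vfs && i < sizeof d->mem; i++)
        d->mem[i] = 1;                    /* i >= TOTAL_VFS clobbers the neighbour */
    return num_vfs;
}

/* Fresh device, guest writes NumVFs, VFs get registered; returns register_vfs' result. */
static int run_scenario(uint16_t num_vfs, bool validate)
{
    memset(&dev, 0, sizeof dev);
    dev.config[PCI_SRIOV_TOTAL_VF] = TOTAL_VFS;
    memset(dev.mem + TOTAL_VFS, 0xAA, NEIGHBOUR_LEN);   /* canary past the table */
    dev.config[PCI_SRIOV_NUM_VF] = num_vfs & 0xff;
    dev.config[PCI_SRIOV_NUM_VF + 1] = num_vfs >> 8;
    return register_vfs(&dev, validate);
}

/* True while the bytes after the VF table still hold the canary. */
static bool neighbour_intact(void)
{
    for (int i = 0; i < NEIGHBOUR_LEN; i++)
        if (dev.mem[TOTAL_VFS + i] != 0xAA) return false;
    return true;
}
```

Running run_scenario(6, false) corrupts the canary while run_scenario(6, true) refuses the write and leaves it intact, which is the behavior the validation in the fixed releases restores.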
Staying Secure
To protect your systems from these vulnerabilities, update your QEMU installation to a patched version as soon as possible. This ensures the vulnerabilities are closed and your virtualized environment remains secure. Canonical has already released patches for Ubuntu 24.04 LTS, and users are advised to apply these updates immediately.
Conclusion
By promptly applying updates, you can minimize your exposure to potential attacks and ensure your virtual environments remain resilient and secure.
TuxCare’s QEMUCare offers automated live patching for QEMU-based virtualization systems, allowing you to apply security updates without requiring a reboot or migration. This ensures your infrastructure remains protected with minimal disruption to your operations.
QEMUCare is available as an add-on tool to KernelCare Enterprise, a live kernel patching tool for Linux distributions.
Source: USN-6977-1