Race Condition Affecting qemu-img package, versions <15:6.2.0-40.module+el8.9.0+20056+d9fb1ac3.1
- Snyk ID SNYK-CENTOS8-QEMUIMG-5816096
- published 1 Aug 2023
- disclosed 19 Jun 2023
How to fix?
Upgrade Centos:8 qemu-img to version 15:6.2.0-40.module+el8.9.0+20056+d9fb1ac3.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream qemu-img package and not to the qemu-img package as distributed by Centos.
See How to fix? for the fixed versions and status relevant to Centos:8.
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.