An out-of-bounds heap buffer access issue was found in the way iSCSI Block driver
in QEMU handled response coming from an iSCSI server, while checking
status of a Logical Address Block (LBA) in iscsi_co_block_status() routine.
A remote user could use this flaw to crash the QEMU process resulting in DoS OR
potentially execute arbitrary code with privileges of the QEMU process on the
Name: Felipe Franciosi (nutanix.com), Raphael Norwitz (nutanix.com), Peter Turschmid (nutanix.com)
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1794494]
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1794524]
This issue affects the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.
Hi, do we have an update on this issue as it will affect our container grades. Is someone actively working on a fix?