RHSA-2023:5405: Red Hat Security Advisory: virt:av and virt-devel:av security update

An update for the virt:av and virt-devel:av modules is now available for Advanced Virtualization for RHEL 8.4.0.EUS. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

• CVE-2022-40284: A buffer overflow flaw was found in NTFS-3G. This issue occurs via a crafted metadata in an NTFS image that can cause code execution. A local attacker can exploit this issue if the NTFS-3G binary is setuid root. A physically proximate attacker can exploit this issue if the NTFS-3G software is configured to execute upon attachment of an external storage device. Also this vulnerability may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has physical access to an external port to a computer which is configured to run the ntfs-3g binary or one of the ntfsprogs tools when the external storage is plugged into the computer. This vulnerability results from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflow, which could be exploited by an attacker.