Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow (CVE-2024-26327)
QEMU: virtio: DMA reentrancy issue leads to double free vulnerability (CVE-2024-3446)
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure (CVE-2024-7409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.