Do you have any information on how the vulnerabilities discovered in glibc affect Qubes OS?
CVE-2023-6779 (glibc): This vulnerability involves an off-by-one heap-based buffer overflow in the __vsyslog_internal() function.
CVE-2023-6780 (glibc): This is an integer overflow issue in the __vsyslog_internal() function.
The article from those who discovered the flaw: Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
It shouldn’t have any significant impact; the user account already has access to your data in each qube. It doesn’t really matter if the attack has root access, which is why Qubes OS uses passwordless root.
Qubes OS assumes exploits exist, and gives you the tools to deal with it.
From what I’ve read, this has a big impact on virtualization systems. I was asking if there was a risk that this flaw could be exploited by attackers to get out of virtualization and get into dom0.