Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. The following packages have been upgraded to a later upstream version: qemu-kvm , libvirt , libvirt-python , perl-Sys-Virt , seabios , libtpms . Security Fix: * QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value due to incorrect check of bytes_in_use value in MFT records * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i triggered by specially crafted NTFS attributes * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open triggered by a specially crafted NTFS inode * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag triggered by a specially crafted NTFS attribute from MFT * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i * ntfs-3g: Integer overflow in memmove leading to heap buffer overflow in ntfs_attr_record_resize * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef triggered by an invalid attribute * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name * ntfs-3g: Endless recursion from ntfs_attr_pwrite triggered by an unallocated bitmap * ntfs-3g: Out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name caused by an unsanitized attribute length * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite * ntfs-3g: Out-of-bounds access in ntfs_decompress * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value caused by an unsanitized attribute * libnbd: nbdcopy: missing error handling may create corrupted destination image * hivex: stack overflow due to recursive call of _get_children * nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS * libvirt: segmentation fault during VM shutdown can lead to vdsm hang * QEMU: NULL pointer dereference in mirror_wait_on_conflicts in block/mirror.c * QEMU: NULL pointer dereference in pci_write in hw/acpi/pcihp.c * QEMU: block: fdc: null pointer dereference may lead to guest crash For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.