Description
ELSA-2022-9669: qemu security update (IMPORTANT)
[15:4.2.1-18.el7]
- block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Orabug: 33785156]
- file-posix: try BLKSECTGET on block devices too, do not round to power of 2 (Paolo Bonzini) [Orabug: 33785156]
- block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785156]
- block-backend: align max_transfer to request alignment (Paolo Bonzini) [Orabug: 33785156]
- osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156]
- scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo Bonzini) [Orabug: 33785156]
- file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 33785156]
- display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207}
- ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34049509] {CVE-2021-4206}
- hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Mathieu-Daude) [Orabug: 32860387] {CVE-2021-3507}
- pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249]
- tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763]
- libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug: 34284758]
- libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) [Orabug: 34284768]
- target/i386/kvm: Fix disabling MPX on '-cpu host' with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615]
- i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost) [Orabug: 33860224]
- ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug: 25327652]
- tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 34132842]
Updated packages
Oracle Linux 7
Oracle Linux aarch64
ivshmem-tools 4.2.1-18.el7
qemu 4.2.1-18.el7
qemu-block-gluster 4.2.1-18.el7
qemu-block-iscsi 4.2.1-18.el7
qemu-block-rbd 4.2.1-18.el7
qemu-common 4.2.1-18.el7
qemu-img 4.2.1-18.el7
qemu-kvm 4.2.1-18.el7
qemu-kvm-core 4.2.1-18.el7
qemu-system-aarch64 4.2.1-18.el7
qemu-system-aarch64-core 4.2.1-18.el7
Oracle Linux x86_64
qemu 4.2.1-18.el7
qemu-block-gluster 4.2.1-18.el7
qemu-block-iscsi 4.2.1-18.el7
qemu-block-rbd 4.2.1-18.el7
qemu-common 4.2.1-18.el7
qemu-img 4.2.1-18.el7
qemu-kvm 4.2.1-18.el7
qemu-kvm-core 4.2.1-18.el7
qemu-system-x86 4.2.1-18.el7
qemu-system-x86-core 4.2.1-18.el7
Related CVEs
Related vulnerabilities
ELSA-2022-9700: virt:kvm_utils security update (IMPORTANT)
A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including version 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a denial of service (DoS), or potentially to leak information from host memory.