Описание
Security update for qemu
This update for qemu fixes the following issues:
- Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523)
- Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
- Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719)
- Fixed 'Failed to try-restart qemu-ga@.service' error while updating the qemu-guest-agent. (bsc#1178565)
- Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049)
Список пакетов
Container suse/sles/15.2/virt-handler:0.38.1
Container suse/sles/15.2/virt-launcher:0.38.1
Image SLES15-SP2-EC2-ECS-HVM
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
Ссылки
- Link for SUSE-SU-2021:0521-1
- E-Mail link for SUSE-SU-2021:0521-1
- SUSE Security Ratings
- SUSE Bug 1178049
- SUSE Bug 1178565
- SUSE Bug 1179717
- SUSE Bug 1179719
- SUSE Bug 1180523
- SUSE Bug 1181639
- SUSE Bug 1181933
- SUSE Bug 1182137
- SUSE CVE CVE-2020-11947 page
- SUSE CVE CVE-2021-20181 page
- SUSE CVE CVE-2021-20203 page
- SUSE CVE CVE-2021-20221 page
Описание
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
Затронутые продукты
Ссылки
- CVE-2020-11947
- SUSE Bug 1180523
Описание
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2021-20181
- SUSE Bug 1182137
Описание
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
Затронутые продукты
Ссылки
- CVE-2021-20203
- SUSE Bug 1181639
Описание
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
Затронутые продукты
Ссылки
- CVE-2021-20221
- SUSE Bug 1181933