Description
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)
- CVE-2020-25723: Fix reachable assertion (DoS) in usb ehci packet handling when a DMA memory map fails (bsc#1178934)
- CVE-2020-25084: Fix use-after-free in usb xhci packet handling (bsc#1176673)
- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)
- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)
- CVE-2020-27617: Fix guest-triggerable assertion failure in shared network handling code (bsc#1178174)
- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)
- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)
- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)
- CVE-2020-15469: Fix NULL pointer dereference (DoS) in mmio ops (bsc#1173612)
- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)
- CVE-2021-3416: Fix OOB access (stack overflow via unbounded loopback re-entry) in rtl8139 and other NIC emulations (bsc#1182968)
- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)
- CVE-2020-29129, CVE-2020-29130: Fix OOB access in SLIRP NCSI and ARP packet processing (bsc#1179466, bsc#1179467)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)
- Added a few more usability improvements for our git packaging workflow
Package list
Container suse/sles/15.2/virt-handler:0.38.1
Container suse/sles/15.2/virt-launcher:0.38.1
Image SLES15-SP2-EC2-ECS-HVM
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
References
- Link for SUSE-SU-2021:1243-1
- E-Mail link for SUSE-SU-2021:1243-1
- SUSE Security Ratings
- SUSE Bug 1172385
- SUSE Bug 1173612
- SUSE Bug 1176673
- SUSE Bug 1176682
- SUSE Bug 1176684
- SUSE Bug 1178174
- SUSE Bug 1178400
- SUSE Bug 1178934
- SUSE Bug 1179466
- SUSE Bug 1179467
- SUSE Bug 1179468
- SUSE Bug 1179686
- SUSE Bug 1181108
- SUSE Bug 1182425
- SUSE Bug 1182577
- SUSE Bug 1182968
- SUSE Bug 1184064
Description
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. The flaw is in the COPY_AREA macro, reached while handling MMIO write operations through the sm501_2d_engine_write() callback. A guest user who can write to the device's MMIO registers can abuse it to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
Affected products
References
- CVE-2020-12829
- SUSE Bug 1172385
Description
In QEMU 4.2.0, a MemoryRegionOps object may lack read or write callback methods; an MMIO access on such a region then dereferences a NULL function pointer and crashes the QEMU process, resulting in a denial of service.
Affected products
References
- CVE-2020-15469
- SUSE Bug 1173612
Description
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the return value of usb_packet_map() is not checked, so a failed DMA mapping goes unnoticed and the packet is processed anyway.
Affected products
References
- CVE-2020-25084
- SUSE Bug 1176673
Description
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read driven by values supplied by the guest's host controller driver.
Affected products
References
- CVE-2020-25624
- SUSE Bug 1176682
Description
hw/usb/hcd-ohci.c in QEMU 5.0.0 loops forever when the guest builds a transfer descriptor (TD) list that contains a cycle, consuming host CPU and resulting in a denial of service.
Affected products
References
- CVE-2020-25625
- SUSE Bug 1176684
Description
A reachable assertion was found in the USB EHCI emulation code of QEMU. It can be hit while processing USB requests because a failure to map DMA memory is not handled. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
Affected products
References
- CVE-2020-25723
- SUSE Bug 1178934
- SUSE Bug 1178935
Description
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 performs a blit-geometry calculation whose result is not bounds-checked, so a guest can make the device model access memory outside the framebuffer and crash the QEMU process.
Affected products
References
- CVE-2020-27616
- SUSE Bug 1178400
- SUSE Bug 1188609
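Both display flaws above (CVE-2020-12829 in sm501 and CVE-2020-27616 in ati-vga) come down to the same mistake: a rectangle programmed by the guest is checked with arithmetic that can wrap, or not checked at all, before a copy loop walks the framebuffer. The following is an added example, not code from QEMU or from this advisory; the framebuffer geometry, the `blit_rect` layout and the function names are hypothetical. It shows the wrapping check beside a version that does the sum in 64 bits and checks the final byte offset against the real buffer size.

```c
/* Added example: overflow-safe bounds check for a guest-programmed 2D blit.
 * Illustrates the bug class behind CVE-2020-12829 and CVE-2020-27616; this is
 * not QEMU code and every name and constant here is hypothetical. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical framebuffer geometry: 1024x768, 4 bytes per pixel. */
#define FB_WIDTH   1024u
#define FB_HEIGHT  768u
#define FB_BPP     4u
#define FB_SIZE    (FB_WIDTH * FB_HEIGHT * FB_BPP)

struct blit_rect {
    uint32_t x, y, w, h;   /* all four values arrive via guest MMIO writes */
};

/* Vulnerable shape: the sum of two 32-bit guest values wraps, so a huge width
 * passes the test and the copy loop runs off the end of the framebuffer. */
static bool blit_in_bounds_naive(const struct blit_rect *r)
{
    return r->x + r->w <= FB_WIDTH && r->y + r->h <= FB_HEIGHT;
}

/* Hardened: do the sums in 64 bits, reject empty rectangles explicitly, and
 * check the offset of the last byte the blit would touch against FB_SIZE. */
static bool blit_in_bounds(const struct blit_rect *r)
{
    uint64_t x_end = (uint64_t)r->x + r->w;
    uint64_t y_end = (uint64_t)r->y + r->h;
    if (r->w == 0 || r->h == 0)
        return false;
    if (x_end > FB_WIDTH || y_end > FB_HEIGHT)
        return false;
    uint64_t last = ((y_end - 1) * FB_WIDTH + (x_end - 1)) * FB_BPP + FB_BPP;
    return last <= FB_SIZE;
}

int main(void)
{
    /* Constructed guest-controlled rectangles: one sane, one whose x + w
     * wraps to 0 in 32-bit arithmetic (8 + 0xFFFFFFF8 == 0x100000000). */
    struct blit_rect ok   = { 16, 16, 64, 64 };
    struct blit_rect wrap = { 8, 8, 0xFFFFFFF8u, 8 };
    printf("ok:   naive=%d hardened=%d\n", blit_in_bounds_naive(&ok), blit_in_bounds(&ok));
    printf("wrap: naive=%d hardened=%d\n", blit_in_bounds_naive(&wrap), blit_in_bounds(&wrap));
    return 0;
}
```

The naive check accepts the wrapping rectangle; the hardened one rejects it, and still accepts a blit that ends exactly on the last byte of the framebuffer.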
Description
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process by sending packet data that lacks a valid layer-3 protocol.
Affected products
References
- CVE-2020-27617
- SUSE Bug 1178174
Description
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. It can lead to an out-of-bounds write to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. QEMU versions prior to 5.2.0 are affected.
Affected products
References
- CVE-2020-27821
- SUSE Bug 1179686
Description
hw/net/e1000e_core.c in QEMU 5.0.0 enters an infinite loop when the guest supplies an RX descriptor whose buffer address is NULL.
Affected products
References
- CVE-2020-28916
- SUSE Bug 1178683
- SUSE Bug 1179468
Description
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it reads a fixed-size NC-SI header even when the packet is shorter than that header.
Affected products
References
- CVE-2020-29129
- SUSE Bug 1179466
- SUSE Bug 1179467
- SUSE Bug 1179477
- SUSE Bug 1179484
Description
slirp.c in libslirp through 4.3.1 has a buffer over-read because it reads a fixed-size ARP header even when the packet is shorter than that header.
Affected products
References
- CVE-2020-29130
- SUSE Bug 1178658
- SUSE Bug 1179467
- SUSE Bug 1179477
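CVE-2020-29129 and CVE-2020-29130 are the same bug in two parsers: a header of known size is read from a frame that may be shorter than the header. The example below is added here and is not libslirp code; the parser functions, the frames and the `have_bytes` helper are hypothetical. It pairs a parser that checks only the Ethernet header with one that confirms every header is fully present before reading it, and feeds both a complete and a truncated frame.

```c
/* Added example: validating packet length before reading protocol headers.
 * Generic illustration of the over-read class behind CVE-2020-29129 (NC-SI)
 * and CVE-2020-29130 (ARP); not libslirp code, all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define ETH_HLEN   14
#define ETH_P_ARP  0x0806
#define ETH_P_NCSI 0x88F8
#define ARP_HLEN   28   /* Ethernet/IPv4 ARP: 8-byte fixed part, 2 MACs, 2 IPv4 addresses */
#define NCSI_HLEN  16   /* NC-SI control packet header */

/* True when bytes [off, off+need) all lie inside a pkt_len-byte packet.
 * Written as a subtraction so that off + need can never wrap. */
static bool have_bytes(size_t pkt_len, size_t off, size_t need)
{
    return off <= pkt_len && need <= pkt_len - off;
}

static uint16_t ethertype(const uint8_t *pkt)
{
    return (uint16_t)((pkt[12] << 8) | pkt[13]);
}

/* Vulnerable shape: checks for the Ethernet header only, then reads the ARP
 * opcode as if the full ARP body were always present. On a truncated frame
 * this reads past the end of the packet. Kept for contrast. */
static int arp_opcode_naive(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < ETH_HLEN || ethertype(pkt) != ETH_P_ARP) return -1;
    return (pkt[ETH_HLEN + 6] << 8) | pkt[ETH_HLEN + 7];
}

/* Hardened: the whole ARP header is confirmed present before any byte of it
 * is read. Returns the opcode, or -1 for anything that is not a full ARP frame. */
static int arp_opcode(const uint8_t *pkt, size_t pkt_len)
{
    if (!have_bytes(pkt_len, 0, ETH_HLEN) || ethertype(pkt) != ETH_P_ARP) return -1;
    if (!have_bytes(pkt_len, ETH_HLEN, ARP_HLEN)) return -1;   /* the check that was missing */
    return (pkt[ETH_HLEN + 6] << 8) | pkt[ETH_HLEN + 7];
}

/* Same discipline for NC-SI: return the control packet type (byte 4 of the
 * NC-SI header), or -1 if the header is not entirely inside the packet. */
static int ncsi_type(const uint8_t *pkt, size_t pkt_len)
{
    if (!have_bytes(pkt_len, 0, ETH_HLEN) || ethertype(pkt) != ETH_P_NCSI) return -1;
    if (!have_bytes(pkt_len, ETH_HLEN, NCSI_HLEN)) return -1;
    return pkt[ETH_HLEN + 4];
}

/* Constructed 42-byte ARP request (broadcast, who-has 10.0.2.2 tell 10.0.2.15). */
static const uint8_t arp_full[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x52,0x54,0x00,0x12,0x34,0x56, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,
    0x52,0x54,0x00,0x12,0x34,0x56, 10,0,2,15,
    0x00,0x00,0x00,0x00,0x00,0x00, 10,0,2,2,
};

/* Constructed 30-byte NC-SI frame with control packet type 0x00. */
static const uint8_t ncsi_full[30] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x52,0x54,0x00,0x12,0x34,0x56, 0x88,0xf8,
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,0x00, 0,0,0,0,0,0,0,0,
};

int main(void)
{
    /* Truncate the ARP frame to 20 bytes inside a 0xAA-filled buffer so the
     * naive parser's over-read shows up as 0xAAAA instead of a crash. */
    uint8_t buf[64];
    memset(buf, 0xAA, sizeof buf);
    memcpy(buf, arp_full, 20);
    printf("full ARP:      naive=%d hardened=%d\n",
           arp_opcode_naive(arp_full, sizeof arp_full), arp_opcode(arp_full, sizeof arp_full));
    printf("truncated ARP: naive=0x%x hardened=%d\n", arp_opcode_naive(buf, 20), arp_opcode(buf, 20));
    printf("NC-SI:         full=%d truncated=%d\n",
           ncsi_type(ncsi_full, sizeof ncsi_full), ncsi_type(ncsi_full, 20));
    return 0;
}
```

The point of `have_bytes` is that it is the only place length arithmetic happens, and it is written so that an attacker-controlled offset cannot wrap the comparison; every header read in the hardened parsers goes through it.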
Description
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated before it is used.
Affected products
References
- CVE-2020-29443
- SUSE Bug 1181108
Description
An infinite loop flaw was found in the e1000 NIC emulator of QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc when various descriptor fields hold invalid values. A guest can use this flaw to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20257
- SUSE Bug 1182577
- SUSE Bug 1182846
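Three of the fixes in this update (CVE-2020-25625 in OHCI, CVE-2020-28916 in e1000e and CVE-2021-20257 in e1000) close the same class of bug: a device model walks a descriptor chain laid out in guest memory and trusts the guest to terminate it. The example below is added here and is not QEMU code; the descriptor layout, the word-addressed toy guest memory and all names are hypothetical. It shows the unbounded walk next to one with a fixed descriptor budget that also rejects descriptors which cannot make progress, such as a NULL buffer address.

```c
/* Added example: walking a guest-controlled descriptor chain with a hard
 * iteration bound. Generic illustration of the infinite-loop class behind
 * CVE-2020-25625 (OHCI TD list), CVE-2020-28916 (e1000e RX descriptor) and
 * CVE-2021-20257 (e1000 TX descriptor); not QEMU code, the descriptor layout
 * and all names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define GUEST_MEM_WORDS 64u   /* toy guest RAM: 64 words, addresses are word indices */
#define MAX_DESCS       16u   /* more descriptors than the toy device can ever need */

/* Hypothetical three-word descriptor as laid out in guest memory. */
struct desc {
    uint32_t len;    /* bytes to transfer */
    uint32_t buf;    /* guest address of the data buffer */
    uint32_t next;   /* guest address of the next descriptor, 0 terminates */
};

static uint32_t guest_mem[GUEST_MEM_WORDS];

/* Loads the descriptor at word address addr; false if it would fall outside
 * guest memory. The comparison is arranged so that addr + 3 cannot wrap. */
static bool read_desc(const uint32_t *mem, uint32_t addr, struct desc *d)
{
    if (addr > GUEST_MEM_WORDS - 3) return false;
    d->len  = mem[addr];
    d->buf  = mem[addr + 1];
    d->next = mem[addr + 2];
    return true;
}

/* Vulnerable shape: follows next until it reads 0. A guest that points a
 * descriptor back at an earlier one keeps this spinning on the host CPU
 * forever. Only ever called on the valid chain below. */
static long walk_chain_naive(const uint32_t *mem, uint32_t head)
{
    long total = 0;
    struct desc d;
    for (uint32_t addr = head; addr != 0; addr = d.next) {
        if (!read_desc(mem, addr, &d)) return -1;
        total += d.len;
    }
    return total;
}

/* Hardened: a fixed budget of descriptors per walk, and descriptors that make
 * no progress (zero length, or a null buffer as in the e1000e case) are
 * treated as malformed. Returns the bytes described, or -1 on a bad chain. */
static long walk_chain(const uint32_t *mem, uint32_t head)
{
    long total = 0;
    struct desc d;
    uint32_t addr = head;
    for (unsigned n = 0; addr != 0; n++, addr = d.next) {
        if (n >= MAX_DESCS) return -1;                 /* cycle or runaway chain */
        if (!read_desc(mem, addr, &d)) return -1;      /* points outside guest RAM */
        if (d.len == 0 || d.buf == 0) return -1;       /* cannot make progress */
        total += d.len;
    }
    return total;
}

/* Constructed guest memory: a valid chain at word 4, a two-descriptor cycle at
 * word 20, and a null-buffer descriptor at word 40. Returns the memory. */
static const uint32_t *build_guest_mem(void)
{
    for (size_t i = 0; i < GUEST_MEM_WORDS; i++) guest_mem[i] = 0;
    guest_mem[4]  = 64;  guest_mem[5]  = 0x1000; guest_mem[6]  = 8;    /* 4 -> 8 */
    guest_mem[8]  = 128; guest_mem[9]  = 0x2000; guest_mem[10] = 12;   /* 8 -> 12 */
    guest_mem[12] = 32;  guest_mem[13] = 0x3000; guest_mem[14] = 0;    /* 12 -> end */
    guest_mem[20] = 16;  guest_mem[21] = 0x4000; guest_mem[22] = 24;   /* 20 -> 24 */
    guest_mem[24] = 16;  guest_mem[25] = 0x5000; guest_mem[26] = 20;   /* 24 -> 20: cycle */
    guest_mem[40] = 16;  guest_mem[41] = 0;      guest_mem[42] = 0;    /* null buffer */
    return guest_mem;
}

int main(void)
{
    const uint32_t *mem = build_guest_mem();
    printf("valid chain (naive):    %ld bytes\n", walk_chain_naive(mem, 4)); /* 224 */
    printf("valid chain (hardened): %ld bytes\n", walk_chain(mem, 4));       /* 224 */
    printf("cyclic chain:           %ld\n", walk_chain(mem, 20));            /* -1 */
    printf("null buffer:            %ld\n", walk_chain(mem, 40));            /* -1 */
    printf("head outside RAM:       %ld\n", walk_chain(mem, 63));            /* -1 */
    return 0;
}
```

The budget in `MAX_DESCS` is what turns a guest-controlled loop into a bounded one; in a real device model it would be the ring size or the controller's architectural maximum, and exceeding it is a guest bug that the host should report, not retry.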
Description
A stack overflow caused by unbounded re-entry was found in several NIC emulators of QEMU in versions up to and including 5.2.0. It occurs in loopback mode, where a NIC delivers its own transmitted frame back to its receive path and the re-entrancy checks on the DMA path are bypassed, so the device model keeps re-entering itself. A guest user or process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service.
Affected products
References
- CVE-2021-3416
- SUSE Bug 1182968
- SUSE Bug 1186473