Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681)
- CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380)
- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)
- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
- Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785):
- For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975)
Список пакетов
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
Ссылки
- Link for SUSE-SU-2021:1893-1
- E-Mail link for SUSE-SU-2021:1893-1
- SUSE Security Ratings
- SUSE Bug 1149813
- SUSE Bug 1163019
- SUSE Bug 1172380
- SUSE Bug 1175534
- SUSE Bug 1176681
- SUSE Bug 1178683
- SUSE Bug 1178935
- SUSE Bug 1179477
- SUSE Bug 1179484
- SUSE Bug 1182846
- SUSE Bug 1182975
- SUSE Bug 1183979
- SUSE Bug 1186290
- SUSE CVE CVE-2019-15890 page
- SUSE CVE CVE-2020-10756 page
- SUSE CVE CVE-2020-14364 page
- SUSE CVE CVE-2020-25085 page
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Описание
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
Затронутые продукты
Ссылки
- CVE-2020-10756
- SUSE Bug 1172380
- SUSE Bug 1184743
Описание
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Затронутые продукты
Ссылки
- CVE-2020-14364
- SUSE Bug 1175441
- SUSE Bug 1175534
- SUSE Bug 1176494
- SUSE Bug 1177130
Описание
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
Затронутые продукты
Ссылки
- CVE-2020-25085
- SUSE Bug 1176681
- SUSE Bug 1182282
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916
Затронутые продукты
Ссылки
- CVE-2020-25707
- SUSE Bug 1178683
- SUSE Bug 1179468
Описание
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
Затронутые продукты
Ссылки
- CVE-2020-25723
- SUSE Bug 1178934
- SUSE Bug 1178935
Описание
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Затронутые продукты
Ссылки
- CVE-2020-29129
- SUSE Bug 1179466
- SUSE Bug 1179467
- SUSE Bug 1179477
- SUSE Bug 1179484
Описание
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Затронутые продукты
Ссылки
- CVE-2020-29130
- SUSE Bug 1178658
- SUSE Bug 1179467
- SUSE Bug 1179477
Описание
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Затронутые продукты
Ссылки
- CVE-2020-8608
- SUSE Bug 1163018
- SUSE Bug 1163019
Описание
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20257
- SUSE Bug 1182577
- SUSE Bug 1182846
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Затронутые продукты
Ссылки
- CVE-2021-3419
- SUSE Bug 1182968
- SUSE Bug 1182975