Description
Security update for qemu
This update for qemu fixes the following issues:
- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- Fix out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221, bsc#1181933)
- For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975, bsc#1094725)
Package list
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
References
- Link for SUSE-SU-2021:1894-1
- E-Mail link for SUSE-SU-2021:1894-1
- SUSE Security Ratings
- SUSE Bug 1094725
- SUSE Bug 1149813
- SUSE Bug 1163019
- SUSE Bug 1172380
- SUSE Bug 1172382
- SUSE Bug 1175534
- SUSE Bug 1178683
- SUSE Bug 1178935
- SUSE Bug 1179477
- SUSE Bug 1181933
- SUSE Bug 1182846
- SUSE Bug 1182975
- SUSE CVE CVE-2019-15890 page
- SUSE CVE CVE-2020-10756 page
- SUSE CVE CVE-2020-13754 page
- SUSE CVE CVE-2020-14364 page
- SUSE CVE CVE-2020-25707 page
Description
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Affected products
References
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Description
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
Affected products
References
- CVE-2020-10756
- SUSE Bug 1172380
- SUSE Bug 1184743
Description
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
Affected products
References
- CVE-2020-13754
- SUSE Bug 1172382
Description
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when the USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or potentially to execute arbitrary code with the privileges of the QEMU process on the host.
Affected products
References
- CVE-2020-14364
- SUSE Bug 1175441
- SUSE Bug 1175534
- SUSE Bug 1176494
- SUSE Bug 1177130
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916
Affected products
References
- CVE-2020-25707
- SUSE Bug 1178683
- SUSE Bug 1179468
Description
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
Affected products
References
- CVE-2020-25723
- SUSE Bug 1178934
- SUSE Bug 1178935
Description
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Affected products
References
- CVE-2020-29130
- SUSE Bug 1178658
- SUSE Bug 1179467
- SUSE Bug 1179477
Description
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
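The snprintf misuse described above, as an added illustration that is not libslirp's or QEMU's code: a reply string is built in two steps, once with the unchecked pattern (add the return value to the cursor and keep going) and once with the return value checked against the space that remains. snprintf returns the length the output would have had, not the number of bytes stored, so the unchecked cursor runs past the buffer as soon as truncation happens. The helper names, the host:port format and the buffer sizes are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define TRUNCATED ((size_t)-1)
#define REPLY_CAP 64

/* Checked append: writes at buf+off, never past cap. Returns the new
 * offset, or TRUNCATED when the text did not fit: n >= remaining means
 * the buffer is full and nothing further may be appended. */
size_t append_checked(char *buf, size_t cap, size_t off, const char *fmt, ...)
{
    if (off == TRUNCATED || off >= cap)
        return TRUNCATED;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + off, cap - off, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - off)
        return TRUNCATED;
    return off + (size_t)n;
}

/* The unchecked pattern: add the return value to the cursor and carry on.
 * This single call is still bounded, but the cursor it hands back can be
 * larger than cap, so a follow-up snprintf(buf + off, cap - off, ...)
 * receives a pointer past the buffer and a wrapped-around size. */
size_t append_unchecked(char *buf, size_t cap, size_t off, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + off, cap - off, fmt, ap);
    va_end(ap);
    return n < 0 ? off : off + (size_t)n;
}

/* Builds "<host>:<port>" with the checked helper into a cap-byte buffer.
 * Returns the final length, or -1 if the reply was truncated. */
int build_reply_checked(char *buf, size_t cap, const char *host, int port)
{
    size_t off = append_checked(buf, cap, 0, "%s", host);
    off = append_checked(buf, cap, off, ":%d", port);
    return off == TRUNCATED ? -1 : (int)off;
}

/* Same reply via the unchecked cursor. Instead of actually issuing the
 * second call with a bad pointer, it reports whether that call would have
 * gone out of bounds: 1 means the pre-fix pattern writes past cap. */
int unchecked_reply_overruns(size_t cap, const char *host)
{
    char buf[REPLY_CAP];
    if (cap > sizeof buf)
        cap = sizeof buf;
    size_t off = append_unchecked(buf, cap, 0, "%s", host);
    return off > cap;   /* buf + off is past the end; cap - off wraps */
}

/* Static-buffer wrappers so callers can inspect the checked result. */
static char reply_buf[REPLY_CAP];

int checked_reply_len(size_t cap, const char *host, int port)
{
    if (cap > sizeof reply_buf)
        cap = sizeof reply_buf;
    memset(reply_buf, 0, sizeof reply_buf);
    return build_reply_checked(reply_buf, cap, host, port);
}

const char *checked_reply_text(void)
{
    return reply_buf;
}
```

With an 8-byte buffer, "ftp:21" fits and an eight-character host such as "10.0.2.2" is rejected before the port is appended; the unchecked cursor for a ten-character host already points two bytes past the end after the first call.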
Affected products
References
- CVE-2020-8608
- SUSE Bug 1163018
- SUSE Bug 1163019
Description
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including QEMU 4.2.0 on the aarch64 platform. The issue occurs because an interrupt ID written to the controller memory area is not masked to its 4-bit width. This may lead to an out-of-bounds access while updating controller state fields and during their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
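The two guest-controlled-field bugs above (the unmasked 4-bit interrupt ID here, and the USB 'setup_len' that exceeded 'data_buf[4096]' under CVE-2020-14364) share one root cause: a value the guest writes is used to index or size a fixed host-side buffer before it is constrained. The following is an added, constructed model of that pattern, not QEMU's GIC or USB code; the struct, register names and helper functions are invented for the example, only the 4-bit width and the 4096-byte buffer come from the descriptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: a controller whose per-interrupt table is indexed by
 * a 4-bit ID taken from a guest-written register, plus a 4096-byte packet
 * buffer filled from a guest-supplied length. */
#define IRQ_ID_BITS    4
#define IRQ_ID_MASK    ((1u << IRQ_ID_BITS) - 1)   /* 0xf */
#define N_IRQ_ENTRIES  (1u << IRQ_ID_BITS)         /* 16 entries */
#define DATA_BUF_SIZE  4096

struct ctrl_state {
    uint8_t irq_pending[N_IRQ_ENTRIES];
    uint8_t data_buf[DATA_BUF_SIZE];
    size_t  data_len;
};

/* Pre-fix pattern: the raw register value is the index. Anything from 16
 * upward lands outside irq_pending. Returns 1 when that would happen. */
int irq_write_would_overrun(uint32_t reg_value)
{
    return reg_value >= N_IRQ_ENTRIES;
}

/* Fixed pattern: mask to the field width before the value touches state.
 * Returns the entry that was updated (always < N_IRQ_ENTRIES). */
uint32_t ctrl_write_irq_id(struct ctrl_state *s, uint32_t reg_value)
{
    uint32_t id = reg_value & IRQ_ID_MASK;
    s->irq_pending[id] = 1;
    return id;
}

/* Guest-supplied length validated against the buffer BEFORE the copy.
 * Returns 0 on success, -1 if the packet was rejected. */
int ctrl_copy_packet(struct ctrl_state *s, const uint8_t *src, size_t setup_len)
{
    if (src == NULL || setup_len > sizeof s->data_buf)
        return -1;
    memcpy(s->data_buf, src, setup_len);
    s->data_len = setup_len;
    return 0;
}

/* Drivers that feed a single guest value into a fresh model instance. */
static struct ctrl_state g_state;

uint32_t demo_irq_write(uint32_t reg_value)
{
    memset(&g_state, 0, sizeof g_state);
    return ctrl_write_irq_id(&g_state, reg_value);
}

int demo_packet(size_t setup_len)
{
    static uint8_t src[DATA_BUF_SIZE + 64];   /* constructed guest data */
    memset(src, 0xab, sizeof src);
    if (setup_len > sizeof src)
        return -1;
    memset(&g_state, 0, sizeof g_state);
    return ctrl_copy_packet(&g_state, src, setup_len);
}

size_t demo_data_len(void)
{
    return g_state.data_len;
}
```

A register write of 0x13 would index entry 19 of a 16-entry table in the pre-fix pattern; after masking it updates entry 3. A 4096-byte packet is accepted, a 4097-byte one is rejected before any copy takes place.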
Affected products
References
- CVE-2021-20221
- SUSE Bug 1181933
Description
An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20257
- SUSE Bug 1182577
- SUSE Bug 1182846
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Affected products
References
- CVE-2021-3419
- SUSE Bug 1182968
- SUSE Bug 1182975