Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
Список пакетов
SUSE Enterprise Storage 7
qemu-4.2.1-150200.69.1
qemu-arm-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
qemu-4.2.1-150200.69.1
qemu-arm-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
qemu-4.2.1-150200.69.1
qemu-arm-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Linux Enterprise Server 15 SP2-BCL
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Linux Enterprise Server 15 SP2-LTSS
qemu-4.2.1-150200.69.1
qemu-arm-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-ppc-4.2.1-150200.69.1
qemu-s390-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-ppc-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Manager Proxy 4.1
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Manager Retail Branch Server 4.1
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
SUSE Manager Server 4.1
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-ipxe-1.0.0+-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-ppc-4.2.1-150200.69.1
qemu-s390-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
qemu-x86-4.2.1-150200.69.1
openSUSE Leap 15.3
qemu-s390-4.2.1-150200.69.1
openSUSE Leap 15.4
qemu-s390-4.2.1-150200.69.1
Ссылки
- Link for SUSE-SU-2022:3594-1
- E-Mail link for SUSE-SU-2022:3594-1
- SUSE Security Ratings
- SUSE Bug 1175144
- SUSE Bug 1182282
- SUSE Bug 1192115
- SUSE Bug 1198035
- SUSE Bug 1198037
- SUSE Bug 1198038
- SUSE CVE CVE-2021-3409 page
- SUSE CVE CVE-2021-4206 page
- SUSE CVE CVE-2021-4207 page
- SUSE CVE CVE-2022-0216 page
- SUSE CVE CVE-2022-35414 page
Описание
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
Затронутые продукты
SUSE Enterprise Storage 7:qemu-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-arm-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-alsa-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-pa-4.2.1-150200.69.1
Ссылки
- CVE-2021-3409
- SUSE Bug 1182282
Описание
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Затронутые продукты
SUSE Enterprise Storage 7:qemu-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-arm-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-alsa-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-pa-4.2.1-150200.69.1
Ссылки
- CVE-2021-4206
- SUSE Bug 1198035
- SUSE Bug 1211582
Описание
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Затронутые продукты
SUSE Enterprise Storage 7:qemu-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-arm-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-alsa-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-pa-4.2.1-150200.69.1
Ссылки
- CVE-2021-4207
- SUSE Bug 1198037
Описание
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
Затронутые продукты
SUSE Enterprise Storage 7:qemu-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-arm-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-alsa-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-pa-4.2.1-150200.69.1
Ссылки
- CVE-2022-0216
- SUSE Bug 1198038
Описание
** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."
Затронутые продукты
SUSE Enterprise Storage 7:qemu-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-arm-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-alsa-4.2.1-150200.69.1
SUSE Enterprise Storage 7:qemu-audio-pa-4.2.1-150200.69.1
Ссылки
- CVE-2022-35414
- SUSE Bug 1201367