SUSE-SU-2022:3768-1

Published: 26 Oct 2022
Source: suse-cvrf

Description

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in the SDHCI controller. (bsc#1182282)
  • CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
  • CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap buffer overflow. (bsc#1198037)
  • CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
  • CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
  • CVE-2021-3507: Fixed a heap buffer overflow in DMA read data transfers. (bsc#1185000)
  • CVE-2020-17380: Fixed a heap buffer overflow in sdhci_sdma_transfer_multi_blocks. (bsc#1175144)

Package list

SUSE Enterprise Storage 6
qemu-3.1.1.1-150100.80.43.2
qemu-arm-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
qemu-3.1.1.1-150100.80.43.2
qemu-arm-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
qemu-3.1.1.1-150100.80.43.2
qemu-arm-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise Server 15 SP1-BCL
qemu-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise Server 15 SP1-LTSS
qemu-3.1.1.1-150100.80.43.2
qemu-arm-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-ppc-3.1.1.1-150100.80.43.2
qemu-s390-3.1.1.1-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
qemu-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-ppc-3.1.1.1-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2

Description

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References

Description

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to and including 5.2.0 is affected by this.


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References

Description

A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario, or potential information leakage from the host memory.


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References

Description

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References

Description

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References

Description

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References

Description

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."


Affected products
SUSE Enterprise Storage 6:qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-arm-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-alsa-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6:qemu-audio-oss-3.1.1.1-150100.80.43.2

References
Vulnerability SUSE-SU-2022:3768-1