Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808).
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
- CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).
- CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038).
- CVE-2022-1050: Fixed a use-after-free issue in pvrdma_exec_cmd() in pvrdma (bsc#1197653).
- CVE-2021-3929: Fixed a DMA reentrancy issue leads to use-after-free in nvme (bsc#1193880).
The following non-security bugs were fixed:
- Fix bsc#1202364.
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1
qemu-5.2.0-150300.121.2
qemu-arm-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
qemu-5.2.0-150300.121.2
qemu-arm-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
qemu-5.2.0-150300.121.2
qemu-arm-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise Micro 5.1
qemu-5.2.0-150300.121.2
qemu-arm-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-s390x-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise Micro 5.2
qemu-5.2.0-150300.121.2
qemu-arm-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-s390x-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise Real Time 15 SP3
qemu-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise Server 15 SP3-LTSS
qemu-5.2.0-150300.121.2
qemu-SLOF-5.2.0-150300.121.2
qemu-arm-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-ppc-5.2.0-150300.121.2
qemu-s390x-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-skiboot-5.2.0-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
qemu-5.2.0-150300.121.2
qemu-SLOF-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-ppc-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-skiboot-5.2.0-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Manager Proxy 4.2
qemu-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
SUSE Manager Server 4.2
qemu-5.2.0-150300.121.2
qemu-SLOF-5.2.0-150300.121.2
qemu-audio-alsa-5.2.0-150300.121.2
qemu-audio-pa-5.2.0-150300.121.2
qemu-audio-spice-5.2.0-150300.121.2
qemu-block-curl-5.2.0-150300.121.2
qemu-block-iscsi-5.2.0-150300.121.2
qemu-block-rbd-5.2.0-150300.121.2
qemu-block-ssh-5.2.0-150300.121.2
qemu-chardev-baum-5.2.0-150300.121.2
qemu-chardev-spice-5.2.0-150300.121.2
qemu-guest-agent-5.2.0-150300.121.2
qemu-hw-display-qxl-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-5.2.0-150300.121.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.121.2
qemu-hw-display-virtio-vga-5.2.0-150300.121.2
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.121.2
qemu-hw-usb-redirect-5.2.0-150300.121.2
qemu-ipxe-1.0.0+-150300.121.2
qemu-ksm-5.2.0-150300.121.2
qemu-kvm-5.2.0-150300.121.2
qemu-lang-5.2.0-150300.121.2
qemu-ppc-5.2.0-150300.121.2
qemu-s390x-5.2.0-150300.121.2
qemu-seabios-1.14.0_0_g155821a-150300.121.2
qemu-sgabios-8-150300.121.2
qemu-skiboot-5.2.0-150300.121.2
qemu-tools-5.2.0-150300.121.2
qemu-ui-curses-5.2.0-150300.121.2
qemu-ui-gtk-5.2.0-150300.121.2
qemu-ui-opengl-5.2.0-150300.121.2
qemu-ui-spice-app-5.2.0-150300.121.2
qemu-ui-spice-core-5.2.0-150300.121.2
qemu-vgabios-1.14.0_0_g155821a-150300.121.2
qemu-x86-5.2.0-150300.121.2
Ссылки
- Link for SUSE-SU-2023:0840-1
- E-Mail link for SUSE-SU-2023:0840-1
- SUSE Security Ratings
- SUSE Bug 1180207
- SUSE Bug 1185000
- SUSE Bug 1193880
- SUSE Bug 1197653
- SUSE Bug 1198038
- SUSE Bug 1202364
- SUSE Bug 1205808
- SUSE CVE CVE-2020-14394 page
- SUSE CVE CVE-2021-3507 page
- SUSE CVE CVE-2021-3929 page
- SUSE CVE CVE-2022-0216 page
- SUSE CVE CVE-2022-1050 page
- SUSE CVE CVE-2022-4144 page
Описание
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-arm-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-audio-alsa-5.2.0-150300.121.2
Ссылки
- CVE-2020-14394
- SUSE Bug 1180207
Описание
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-arm-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-audio-alsa-5.2.0-150300.121.2
Ссылки
- CVE-2021-3507
- SUSE Bug 1185000
Описание
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-arm-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-audio-alsa-5.2.0-150300.121.2
Ссылки
- CVE-2021-3929
- SUSE Bug 1193880
Описание
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-arm-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-audio-alsa-5.2.0-150300.121.2
Ссылки
- CVE-2022-0216
- SUSE Bug 1198038
Описание
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-arm-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-audio-alsa-5.2.0-150300.121.2
Ссылки
- CVE-2022-1050
- SUSE Bug 1197653
Описание
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-arm-5.2.0-150300.121.2
SUSE Enterprise Storage 7.1:qemu-audio-alsa-5.2.0-150300.121.2
Ссылки
- CVE-2022-4144
- SUSE Bug 1205808