Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:2358-1

Опубликовано: 02 июн. 2023
Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout() in hw/scsi/lsi53c895a.c (bsc#1198038).
  • CVE-2021-3929: Fixed use-after-free in nvme, caused by DMA reentrancy issue (bsc#1193880).
  • CVE-2021-4207: Fixed heap buffer overflow caused by double fetch in qxl_cursor() (bsc#1198037).
  • CVE-2021-4206: Fixed integer overflow in cursor_alloc() (bsc#1198035).
  • Amend .changes file: avoid declaring a still unfixed CVE, as fixed (bsc#1187529)
  • Fix the build breaks caused by binutils update (bsc#1192463, bsc#1193621)

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL
qemu-2.6.2-41.76.1
qemu-block-curl-2.6.2-41.76.1
qemu-block-rbd-2.6.2-41.76.1
qemu-block-ssh-2.6.2-41.76.1
qemu-guest-agent-2.6.2-41.76.1
qemu-ipxe-1.0.0-41.76.1
qemu-kvm-2.6.2-41.76.1
qemu-lang-2.6.2-41.76.1
qemu-seabios-1.9.1_0_gb3ef39f-41.76.1
qemu-sgabios-8-41.76.1
qemu-tools-2.6.2-41.76.1
qemu-vgabios-1.9.1_0_gb3ef39f-41.76.1
qemu-x86-2.6.2-41.76.1

Ссылки

Описание

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.76.1
Ссылки

Описание

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.76.1
Ссылки

Описание

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.76.1
Ссылки

Описание

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.76.1
SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.76.1
Ссылки