Description
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2021-4207: Fixed double fetch in qxl_cursor() that could lead to heap buffer overflow (bsc#1198037).
- CVE-2023-0330: Fixed DMA reentrancy issue that could lead to stack overflow (bsc#1207205).
- CVE-2023-2861: Fixed improper access control on special files (bsc#1212968).
Package list
Image SLES12-SP5-EC2-ECS-On-Demand
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
References
- Link for SUSE-SU-2023:3015-1
- E-Mail link for SUSE-SU-2023:3015-1
- SUSE Security Ratings
- SUSE Bug 1198037
- SUSE Bug 1207205
- SUSE Bug 1212968
- SUSE CVE CVE-2021-4207 page
- SUSE CVE CVE-2023-0330 page
- SUSE CVE CVE-2023-2861 page
Description
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
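The double-fetch pattern described above, reduced to an added C sketch that is not QEMU's code or the upstream fix: the flawed variant reads the dimensions from guest-writable memory twice, the hardened variant snapshots and validates them once. `shared_hdr`, `guest_races`, `MAX_DIM` and `BPP` are assumptions made for the illustration, and the functions only compare lengths; no buffer is allocated or written.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIM 512  /* assumed device limit for this sketch */
#define BPP 4u       /* assumed bytes per pixel */

/* Constructed stand-in for a cursor header in guest-writable memory. */
struct shared_hdr { volatile uint16_t width, height; };

/* Deterministic stand-in for another vCPU rewriting the header mid-request. */
static void guest_races(struct shared_hdr *g) { g->width = 4096; g->height = 4096; }

/* Both functions return how many bytes the copy length exceeds the
 * allocation size by (0 = in bounds). No buffer is allocated or written. */

/* Flawed pattern: the size is read from shared memory twice. */
static long long overrun_double_fetch(struct shared_hdr *g) {
    size_t alloc = (size_t)g->width * g->height * BPP;   /* fetch 1 sizes the buffer */
    guest_races(g);
    size_t copy = (size_t)g->width * g->height * BPP;    /* fetch 2 sizes the copy */
    return copy > alloc ? (long long)(copy - alloc) : 0;
}

/* Hardened pattern: snapshot once, validate the snapshot, never re-read. */
static long long overrun_single_fetch(struct shared_hdr *g) {
    uint16_t w = g->width, h = g->height;
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM)
        return -1;                                       /* request rejected */
    size_t alloc = (size_t)w * h * BPP;
    guest_races(g);                                      /* too late to matter */
    size_t copy = (size_t)w * h * BPP;
    return copy > alloc ? (long long)(copy - alloc) : 0;
}

int main(void) {
    struct shared_hdr a = {32, 32}, b = {32, 32}, c = {4096, 4096};
    printf("double fetch overrun: %lld bytes\n", overrun_double_fetch(&a));
    printf("single fetch overrun: %lld bytes\n", overrun_single_fetch(&b));
    printf("oversized header:     %lld (rejected)\n", overrun_single_fetch(&c));
    return 0;
}
```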
Affected products
References
- CVE-2021-4207
- SUSE Bug 1198037
Description
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
Affected products
References
- CVE-2023-0330
- SUSE Bug 1207205
Description
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
Affected products
References
- CVE-2023-2861
- SUSE Bug 1212968