Description
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062).
- CVE-2024-24474: Fixed integer overflow that results in buffer overflow via SCSI command (bsc#1220134).
- CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484).
- CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554).
- CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065).
The following non-security bug was fixed:
- Removing in-use mediated device should fail with error message instead of hang (bsc#1205316).
Package list
Container suse/sle-micro/kvm-5.5:latest
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Package Hub 15 SP5
SUSE Linux Enterprise Module for Server Applications 15 SP5
openSUSE Leap 15.5
References
- Link for SUSE-SU-2024:1103-1
- E-Mail link for SUSE-SU-2024:1103-1
- SUSE Security Ratings
- SUSE Bug 1205316
- SUSE Bug 1209554
- SUSE Bug 1218484
- SUSE Bug 1220062
- SUSE Bug 1220065
- SUSE Bug 1220134
- SUSE CVE CVE-2023-1544 page
- SUSE CVE CVE-2023-6693 page
- SUSE CVE CVE-2024-24474 page
- SUSE CVE CVE-2024-26327 page
- SUSE CVE CVE-2024-26328 page
Description
A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
Affected products
References
- CVE-2023-1544
- SUSE Bug 1209554
Description
A stack-based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
Affected products
References
- CVE-2023-6693
- SUSE Bug 1218484
Description
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.
Affected products
References
- CVE-2024-24474
- SUSE Bug 1220134
Description
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
Affected products
References
- CVE-2024-26327
- SUSE Bug 1220062
Description
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.
Affected products
References
- CVE-2024-26328
- SUSE Bug 1220065