Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494).
- CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641).
- CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386).
- CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370).
- Allow to IPL secure guests with -no-reboot (bsc#1174863)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:1664-1
- SUSE Security Ratings
- SUSE Bug 1174386
- SUSE Bug 1174641
- SUSE Bug 1174863
- SUSE Bug 1175370
- SUSE Bug 1175441
- SUSE Bug 1176494
- SUSE CVE CVE-2020-14364 page
- SUSE CVE CVE-2020-15863 page
- SUSE CVE CVE-2020-16092 page
- SUSE CVE CVE-2020-24352 page
Описание
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Затронутые продукты
Ссылки
- CVE-2020-14364
- SUSE Bug 1175441
- SUSE Bug 1175534
- SUSE Bug 1176494
- SUSE Bug 1177130
Описание
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
Затронутые продукты
Ссылки
- CVE-2020-15863
- SUSE Bug 1174386
Описание
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
Затронутые продукты
Ссылки
- CVE-2020-16092
- SUSE Bug 1174641
Описание
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Затронутые продукты
Ссылки
- CVE-2020-24352
- SUSE Bug 1175370
- SUSE Bug 1188609