patchinfo.16640 - openSUSE Build Service

Security update for qemu

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981)
- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010)
- CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990)
- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681)
- CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380)
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,
CVE-2021-3419, bsc#1182975)

Non-security issues fixed:

- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)
- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
- Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785):
- Fix testsuite error (bsc#1184574)
- Fix qemu crash with iothread when block commit after snapshot (bsc#1187013)
- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)
- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Submitted by José Ricardo Ziviani (jziviani)

Fixed bugs

VUL-0: CVE-2021-3546: qemu,kvm: QEMU: vhost-user-gpu: out-of-bounds write in virgl_cmd_get_capset()

KVM guest crashed during virtual disk removal

VUL-0: CVE-2021-3545: qemu,kvm: QEMU: vhost-user-gpu: information disclosure due to uninitialized memory read

L3: KVM guest crashed during virsh blockcopy

VUL-0: CVE-2021-3544: qemu,kvm: QEMU: vhost-user-gpu: multiple memory leaks

L3: Unable to execute QEMU command 'migrate': There's a migration process in progress

VUL-0: CVE-2020-25707: kvm,qemu: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c

VUL-0: CVE-2019-15890: xen: use-after-free during packet reassembly

SLES 15 SP3 GMC - QEMU BIOS fails to read stage2 loader (on s390x)

VUL-1: CVE-2020-25723: xen: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c

VUL-0: CVE-2020-8608: xen: potential OOB access due to unsafe snprintf() usages

VUL-0: CVE-2020-25085: kvm,qemu: sdhci: out-of-bounds access issue while doing multi block SDMA

VUL-0: CVE-2021-20257: xen: infinite loop issue in the e1000 NIC emulator

VUL-0: CVE-2020-29130: xen: out-of-bounds access while processing ARP packets

VUL-0: CVE-2020-10756: libslirp, slirp4netns, qemu: out-of-bounds read information disclosure in icmp6_send_echoreply()

VUL-0: CVE-2020-14364: xen: usb: out-of-bounds r/w access issue while processing usb packets (XSA 335)

VUL-0: CVE-2021-3419: xen: rtl8139: stack overflow induced by infinite recursion issue

VUL-1: CVE-2020-29129: xen: out-of-bounds access while processing NCSI packets

SLES 12 SP5 - KVM guest fails to find zipl boot menu index (qemu)

Selected Binaries

openSUSE Build Service is sponsored by