Overview

File _patchinfo of Package patchinfo.30141

<patchinfo incident="30141">
  <issue tracker="bnc" id="1182137">VUL-0: CVE-2021-20181: qemu,kvm,:  race condition in 9pfs may lead to privilege escalation</issue>
  <issue tracker="bnc" id="1187366">VUL-1: CVE-2021-3595: qemu: slirp,libslirp: invalid pointer initialization may lead to information disclosure (tftp)</issue>
  <issue tracker="bnc" id="1176682">VUL-0: CVE-2020-25624: kvm,qemu: usb: hcd-ohci: out-of-bound access issue while processing transfer descriptors</issue>
  <issue tracker="bnc" id="1189702">VUL-0: CVE-2021-3713: kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation</issue>
  <issue tracker="bnc" id="1176684">VUL-1: CVE-2020-25625: kvm,qemu: usb: hcd-ohci: infinite loop issue while processing transfer descriptors</issue>
  <issue tracker="bnc" id="1175441">VUL-0: CVE-2020-14364: qemu,kvm: usb: out-of-bounds r/w access issue while processing usb packets</issue>
  <issue tracker="bnc" id="1189938">VUL-0: CVE-2021-3748: qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu</issue>
  <issue tracker="bnc" id="1198712">VUL-1: CVE-2022-26354: kvm,qemu: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak</issue>
  <issue tracker="bnc" id="1112499">qemu-linux-user is incredibly slow for arm32</issue>
  <issue tracker="bnc" id="1173612">VUL-0: CVE-2020-15469: kvm,qemu: QEMU: MMIO ops null pointer dereference may lead to DoS</issue>
  <issue tracker="bnc" id="1178174">VUL-1: CVE-2020-27617: qemu: assert failure in eth_get_gso_type</issue>
  <issue tracker="bnc" id="1178934">VUL-1: CVE-2020-25723: kvm,qemu: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c</issue>
  <issue tracker="bnc" id="1182968">VUL-0: CVE-2021-3419: qemu,kvm: rtl8139: stack overflow induced by infinite recursion issue</issue>
  <issue tracker="bnc" id="1192463">binutils update: qemu maint-updates won't build as is in sle-15 and sle-12</issue>
  <issue tracker="bnc" id="1187365">VUL-1: CVE-2021-3593: qemu: slirp,libslirp: invalid pointer initialization may lead to information disclosure (udp6)</issue>
  <issue tracker="bnc" id="1172384">VUL-1: CVE-2020-13361: kvm,qemu: es1370: OOB access due to incorrect frame count leads to DoS</issue>
  <issue tracker="bnc" id="1187529">VUL-0: qemu: integer overflow in object_property_try_add</issue>
  <issue tracker="bnc" id="1180435">VUL-0: CVE-2020-35506: kvm,qemu,xen: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c</issue>
  <issue tracker="bnc" id="1187367">VUL-1: CVE-2021-3594: qemu,kvm,libslirp: slirp: invalid pointer initialization may lead to information disclosure (udp)</issue>
  <issue tracker="bnc" id="1172386">VUL-1: CVE-2020-13659: qemu: NULL pointer dereference in the MegaRAID SAS 8708EM2 emulator</issue>
  <issue tracker="bnc" id="1182651">VUL-1: CVE-2021-20255: qemu,kvm: eepro100: stack overflow via infinite recursion</issue>
  <issue tracker="bnc" id="1176673">VUL-0: CVE-2020-25084: kvm,qemu: usb: use-after-free issue while setting up packet</issue>
  <issue tracker="bnc" id="1174386">VUL-0: CVE-2020-15863: kvm,qemu: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c</issue>
  <issue tracker="bnc" id="1180434">VUL-0: CVE-2020-35505: qemu,xen,kvm: NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c</issue>
  <issue tracker="bnc" id="1181108">VUL-0: CVE-2020-29443: qemu,kvm: atapi: OOB access while processing read commands</issue>
  <issue tracker="bnc" id="1181639">VUL-1: CVE-2021-20203: kvm,xen,qemu: qemu: Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c</issue>
  <issue tracker="bnc" id="1172383">VUL-1: CVE-2020-13362: kvm,qemu: megasas: OOB read access due to invalid index leads to DoS</issue>
  <issue tracker="bnc" id="1179466">VUL-1: CVE-2020-29129: kvm,qemu,slirp4netns: out-of-bounds access while processing NCSI packets</issue>
  <issue tracker="bnc" id="1186012">VUL-1: CVE-2021-3527: qemu,kvm: QEMU: usb: unbounded stack allocation in usbredir</issue>
  <issue tracker="bnc" id="1119115">QEMU:  vm migration is failing with input/output error on top of SLES15 hosts</issue>
  <issue tracker="bnc" id="1172382">VUL-1: CVE-2020-13754: kvm,qemu: msix: OOB access during mmio operations may lead to DoS</issue>
  <issue tracker="bnc" id="1187364">VUL-1: CVE-2021-3592: qemu,kvm,libslirp: slirp: invalid pointer initialization may lead to information disclosure (bootp)</issue>
  <issue tracker="bnc" id="1198037">VUL-0: CVE-2021-4207: qemu,kvm: double fetch in qxl_cursor() can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1172478">VUL-0: CVE-2020-13765: kvm,qemu: OOB access while loading registered ROM may lead to code execution</issue>
  <issue tracker="bnc" id="1198038">VUL-1: CVE-2022-0216: kvm,qemu: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c</issue>
  <issue tracker="bnc" id="1193880">VUL-0: CVE-2021-3929: kvm, qemu: DMA reentrancy issue leads to use-after-free in nvme</issue>
  <issue tracker="bnc" id="1198035">VUL-0: CVE-2021-4206: qemu,kvm: integer overflow in cursor_alloc() can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1180432">VUL-0: CVE-2020-35503: qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter</issue>
  <issue tracker="bnc" id="1179467">VUL-0: CVE-2020-29130: kvm,qemu,slirp4netns: out-of-bounds access while processing ARP packets</issue>
  <issue tracker="bnc" id="1180433">VUL-0: CVE-2020-35504: kvm,xen,qemu: NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c</issue>
  <issue tracker="bnc" id="1180523">VUL-0: CVE-2020-11947: qemu,kvm: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read</issue>
  <issue tracker="bnc" id="1182577">VUL-0: CVE-2021-20257: kvm,qemu:  infinite loop issue in the e1000 NIC emulator</issue>
  <issue tracker="bnc" id="1172380">VUL-0: CVE-2020-10756: libslirp, slirp4netns, qemu: out-of-bounds read information disclosure in icmp6_send_echoreply()</issue>
  <issue tracker="bnc" id="1189145">VUL-0: CVE-2021-3682: kvm,qemu: usbredir: free call on invalid pointer in bufp_alloc()</issue>
  <issue tracker="bnc" id="1172385">VUL-0: CVE-2020-12829: qemu: OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c</issue>
  <issue tracker="bnc" id="1181933">VUL-0: CVE-2021-20221: kvm,xen,qemu: out-of-bound heap buffer access via an interrupt ID field</issue>
  <issue tracker="bnc" id="1179468">VUL-1: CVE-2020-28916: qemu,kvm: e1000e: infinite loop scenario in case of null packet descriptor</issue>
  <issue tracker="cve" id="2021-20257"/>
  <issue tracker="cve" id="2020-13361"/>
  <issue tracker="cve" id="2020-35504"/>
  <issue tracker="cve" id="2021-3748"/>
  <issue tracker="cve" id="2020-29129"/>
  <issue tracker="cve" id="2020-25723"/>
  <issue tracker="cve" id="2021-20203"/>
  <issue tracker="cve" id="2021-3682"/>
  <issue tracker="cve" id="2021-3595"/>
  <issue tracker="cve" id="2021-3527"/>
  <issue tracker="cve" id="2021-20181"/>
  <issue tracker="cve" id="2020-15469"/>
  <issue tracker="cve" id="2020-14364"/>
  <issue tracker="cve" id="2021-4206"/>
  <issue tracker="cve" id="2020-10756"/>
  <issue tracker="cve" id="2020-29443"/>
  <issue tracker="cve" id="2022-26354"/>
  <issue tracker="cve" id="2021-4207"/>
  <issue tracker="cve" id="2020-25084"/>
  <issue tracker="cve" id="2021-3713"/>
  <issue tracker="cve" id="2020-29130"/>
  <issue tracker="cve" id="2021-3592"/>
  <issue tracker="cve" id="2021-3929"/>
  <issue tracker="cve" id="2020-15863"/>
  <issue tracker="cve" id="2020-35505"/>
  <issue tracker="cve" id="2020-35503"/>
  <issue tracker="cve" id="2020-27617"/>
  <issue tracker="cve" id="2020-13362"/>
  <issue tracker="cve" id="2020-25624"/>
  <issue tracker="cve" id="2021-20221"/>
  <issue tracker="cve" id="2020-13659"/>
  <issue tracker="cve" id="2020-12829"/>
  <issue tracker="cve" id="2020-25625"/>
  <issue tracker="cve" id="2020-28916"/>
  <issue tracker="cve" id="2021-3593"/>
  <issue tracker="cve" id="2020-13754"/>
  <issue tracker="cve" id="2020-11947"/>
  <issue tracker="cve" id="2020-13765"/>
  <issue tracker="cve" id="2020-35506"/>
  <issue tracker="cve" id="2021-20255"/>
  <issue tracker="cve" id="2021-3594"/>
  <issue tracker="cve" id="2022-0216"/>
  <issue tracker="cve" id="2021-3416"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Fixed the following security issues:

- bsc#1198037 (CVE-2021-4207)
- bsc#1198038 (CVE-2022-0216)
- bsc#1198038 (CVE-2022-0216)
- bsc#1193880 (CVE-2021-3929)
- bsc#1198712 (CVE-2022-26354)
- bsc#1198035 (CVE-2021-4206)
- bsc#1192463, bsc#1189938 (CVE-2021-3748)
- bsc#1189702 (CVE-2021-3713)
- bsc#1189145, (CVE-2021-3682)
- bsc#1180432, (CVE-2020-35503)
- bsc#1182651, (CVE-2021-20255)
- bsc#1186012, (CVE-2021-3527)
- bsc#1180433, (CVE-2020-35504)
- bsc#1180434, (CVE-2020-35505)
- bsc#1180435, (CVE-2020-35506)
- bsc#1187366, (CVE-2021-3595)
- bsc#1187364 (CVE-2021-3592)
- bsc#1187367 (CVE-2021-3594)
- bsc#1187365 (CVE-2021-3593)
- bsc#1187529, bsc#1172382 (CVE-2020-13754)
- bsc#1172380 (CVE-2020-10756)
- bsc#1172385 (CVE-2020-12829)
- bsc#1172383 (CVE-2020-13362)
- bsc#1178934 (CVE-2020-25723)
- bsc#1176673 (CVE-2020-25084)
- bsc#1176682 (CVE-2020-25624)
- bsc#1176684 (CVE-2020-25625)
- bsc#1178174 (CVE-2020-27617)
- bsc#1179468 (CVE-2020-28916)
- bsc#1181108 (CVE-2020-29443)
- bsc#1173612 (CVE-2020-15469)
- bsc#1182577 (CVE-2021-20257)
- bsc#1182968 (CVE-2021-3416)
- bsc#1179466 (CVE-2020-29129)
- bsc#1179466 (CVE-2020-29130)
- bsc#1179467, bsc#1172386 (CVE-2020-13659)
- bsc#1180523 (CVE-2020-11947)
- bsc#1181639 (CVE-2021-20203)
- bsc#1174386 (CVE-2020-15863)
- bsc#1175441 (CVE-2020-14364)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places