Overview

File _patchinfo of Package patchinfo.28164

<patchinfo incident="28164">
  <issue tracker="bnc" id="1185000">VUL-0: CVE-2021-3507: qemu,kvm: fdc: heap buffer overflow in DMA read data transfers</issue>
  <issue tracker="bnc" id="1205808">VUL-0: CVE-2022-4144: kvm,qemu: qxl_phys2virt unsafe address translation can lead to out-of-bounds read</issue>
  <issue tracker="bnc" id="1202364">qemu  "block limits" VPD emulation broken in SLES15 SP3 [ref:_00D1igLOd._5005q9eCWF:ref]</issue>
  <issue tracker="bnc" id="1190425">The max_sectors_kb is incorrect in kvm guest os while using scsi passthrough on certain hardware</issue>
  <issue tracker="cve" id="2021-3507"/>
  <issue tracker="cve" id="2022-4144"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808).
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
  
The following non-security bugs were fixed:

- Fix bsc#1202364.
- Introduce max_hw_iov for use in scsi-generic (bsc#1190425)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places