Overview

File _patchinfo of Package patchinfo.30221

<patchinfo incident="30221">
  <issue tracker="bnc" id="1172382">VUL-1: CVE-2020-13754: kvm,qemu: msix: OOB access during mmio operations may lead to DoS</issue>
  <issue tracker="bnc" id="1188609">VUL-1: CVE-2021-3638: qemu: ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write</issue>
  <issue tracker="bnc" id="1190011">VUL-0: CVE-2021-3750: kvm,qemu: hcd-ehci: DMA reentrancy issue leads to use-after-free</issue>
  <issue tracker="bnc" id="1193880">VUL-0: CVE-2021-3929: kvm, qemu: DMA reentrancy issue leads to use-after-free in nvme</issue>
  <issue tracker="bnc" id="1198712">VUL-1: CVE-2022-26354: kvm,qemu: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak</issue>
  <issue tracker="bnc" id="1207205">VUL-0: CVE-2023-0330: kvm,qemu: lsi53c895a: DMA reentrancy issue leads to stack overflow</issue>
  <issue tracker="bnc" id="1212850">VUL-0: CVE-2023-3354: qemu,kvm: improper I/O watch removal in VNC TLS handshake can lead to remote unauthenticated denial of service</issue>
  <issue tracker="bnc" id="1213925">VUL-0: CVE-2023-3180: qemu,kvm: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper()</issue>
  <issue tracker="bnc" id="1215311">qemu will stop compiling when binutils update is released (toolchain update 2023)</issue>
  <issue tracker="bnc" id="1212968">VUL-0: CVE-2023-2861: qemu,kvm: 9pfs: improper access control on special files</issue>
  <issue tracker="bnc" id="1197653">VUL-0: CVE-2022-1050: qemu,kvm: pvrdma: use-after-free issue in pvrdma_exec_cmd()</issue>
	<issue tracker="cve" id="2020-13754"/>
  <issue tracker="cve" id="2021-3638"/>
  <issue tracker="cve" id="2021-3750"/>
  <issue tracker="cve" id="2021-3929"/>
  <issue tracker="cve" id="2022-26354"/>
  <issue tracker="cve" id="2023-0330"/>
  <issue tracker="cve" id="2023-3180"/>
  <issue tracker="cve" id="2023-2861"/>
	<issue tracker="cve" id="2023-3354"/>
  <issue tracker="cve" id="2022-1050"/>
	<packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. (bsc#1198712)
- CVE-2021-3929: Fixed an use-after-free in nvme DMA reentrancy issue. (bsc#1193880)
- CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205)
- CVE-2020-13754: Fixed a DoS due to an OOB access during mmio operations. (bsc#1172382)
- CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850)
- CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925)
- CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609)
- CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011)
- CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968).
- CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653).

The following non-security bug was fixed:

- Prepare for binutils update to 2.41 update (bsc#1215311).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places