File _patchinfo of Package patchinfo.28027
<patchinfo incident="28027">
<issue tracker="bnc" id="1203788">VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext() leads to CPU exhaustion</issue>
<issue tracker="bnc" id="1205808">VUL-0: CVE-2022-4144: kvm,qemu: qxl_phys2virt unsafe address translation can lead to out-of-bounds read</issue>
<issue tracker="bnc" id="1202364">qemu "block limits" VPD emulation broken in SLES15 SP3 [ref:_00D1igLOd._5005q9eCWF:ref]</issue>
<issue tracker="bnc" id="1206527">SLES 15 SP4 - KVM: s390: pv: don't allow userspace to set the clock under PV - QEMU part</issue>
<issue tracker="bnc" id="1197653">VUL-0: CVE-2022-1050: qemu,kvm: pvrdma: use-after-free issue in pvrdma_exec_cmd()</issue>
<issue tracker="cve" id="2022-3165"/>
<issue tracker="cve" id="2022-4144"/>
<issue tracker="cve" id="2022-1050"/>
<packager>dfaggioli</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for qemu</summary>
<description>This update for qemu fixes the following issues:

- CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read (bsc#1205808).
- CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext() (bsc#1203788).
- CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653).

Bugfixes:

- Fixed deviation of guest clock (bsc#1206527).
- Fixed broken "block limits" VPD emulation (bsc#1202364).
</description>
</patchinfo>