File _patchinfo of Package patchinfo.33006
<patchinfo incident="33006">
<issue tracker="bnc" id="1220062">VUL-0: CVE-2024-26327: qemu: buffer overflow via invalid SR/IOV NumVFs value</issue>
<issue tracker="bnc" id="1205316">SLES 15 SP3 - Removing in-use mediated device should fail with error message instead of hang</issue>
<issue tracker="bnc" id="1220134">VUL-0: CVE-2024-24474: qemu: integer overflow results in buffer overflow via SCSI command</issue>
<issue tracker="bnc" id="1218484">VUL-0: CVE-2023-6693: qemu: stack buffer overflow in virtio_net_flush_tx()</issue>
<issue tracker="bnc" id="1209554">VUL-0: CVE-2023-1544: kvm,qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()</issue>
<issue tracker="bnc" id="1220065">VUL-0: CVE-2024-26328: qemu: invalid NumVFs value is mishandled in NVME SR/IOV implementation</issue>
<issue tracker="cve" id="2024-26328"/>
<issue tracker="cve" id="2023-1544"/>
<issue tracker="cve" id="2024-24474"/>
<issue tracker="cve" id="2023-6693"/>
<issue tracker="cve" id="2024-26327"/>
<issue tracker="jsc" id="PED-7366"/>
<issue tracker="jsc" id="PED-8113"/>
<packager>dfaggioli</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for qemu</summary>
<description>This update for qemu fixes the following issues:
- CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062).
- CVE-2024-24474: Fixed integer overflow that results in a buffer overflow via SCSI command (bsc#1220134).
- CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484).
- CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554).
- CVE-2024-26328: Fixed mishandling of invalid NumVFs value in NVME SR/IOV implementation (bsc#1220065).
The following non-security bug was fixed:
- Removing in-use mediated device should fail with error message instead of hang (bsc#1205316).
</description>
</patchinfo>