Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1461-1 Final 1 1 2021-11-08T10:03:03Z current 2021-11-08T10:03:03Z 2021-11-08T10:03:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1461 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6ANWCSILNO3HSV5PUK6VESGM76PNM5ND/ E-Mail link for openSUSE-SU-2021:1461-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1189234 SUSE Bug 1189234 https://bugzilla.suse.com/1189702 SUSE Bug 1189702 https://bugzilla.suse.com/1189938 SUSE Bug 1189938 https://bugzilla.suse.com/1190425 SUSE Bug 1190425 https://www.suse.com/security/cve/CVE-2021-3713/ SUSE CVE CVE-2021-3713 page https://www.suse.com/security/cve/CVE-2021-3748/ SUSE CVE CVE-2021-3748 page openSUSE Leap 15.2 qemu-4.2.1-lp152.9.23.1 qemu-arm-4.2.1-lp152.9.23.1 qemu-audio-alsa-4.2.1-lp152.9.23.1 qemu-audio-pa-4.2.1-lp152.9.23.1 qemu-audio-sdl-4.2.1-lp152.9.23.1 qemu-block-curl-4.2.1-lp152.9.23.1 qemu-block-dmg-4.2.1-lp152.9.23.1 qemu-block-gluster-4.2.1-lp152.9.23.1 qemu-block-iscsi-4.2.1-lp152.9.23.1 qemu-block-nfs-4.2.1-lp152.9.23.1 qemu-block-rbd-4.2.1-lp152.9.23.1 qemu-block-ssh-4.2.1-lp152.9.23.1 qemu-extra-4.2.1-lp152.9.23.1 qemu-guest-agent-4.2.1-lp152.9.23.1 qemu-ipxe-1.0.0+-lp152.9.23.1 qemu-ksm-4.2.1-lp152.9.23.1 qemu-kvm-4.2.1-lp152.9.23.1 qemu-lang-4.2.1-lp152.9.23.1 qemu-linux-user-4.2.1-lp152.9.23.1 qemu-microvm-4.2.1-lp152.9.23.1 qemu-ppc-4.2.1-lp152.9.23.1 qemu-s390-4.2.1-lp152.9.23.1 qemu-seabios-1.12.1+-lp152.9.23.1 qemu-sgabios-8-lp152.9.23.1 qemu-testsuite-4.2.1-lp152.9.23.1 qemu-tools-4.2.1-lp152.9.23.1 qemu-ui-curses-4.2.1-lp152.9.23.1 qemu-ui-gtk-4.2.1-lp152.9.23.1 qemu-ui-sdl-4.2.1-lp152.9.23.1 qemu-ui-spice-app-4.2.1-lp152.9.23.1 qemu-vgabios-1.12.1+-lp152.9.23.1 qemu-vhost-user-gpu-4.2.1-lp152.9.23.1 qemu-x86-4.2.1-lp152.9.23.1 qemu-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-arm-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-audio-alsa-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-audio-pa-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-audio-sdl-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-curl-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-dmg-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-gluster-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-iscsi-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-nfs-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-rbd-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-block-ssh-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-extra-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-guest-agent-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ipxe-1.0.0+-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ksm-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-kvm-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-lang-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-linux-user-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-microvm-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ppc-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-s390-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-seabios-1.12.1+-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-sgabios-8-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-testsuite-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-tools-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ui-curses-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ui-gtk-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ui-sdl-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-ui-spice-app-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-vgabios-1.12.1+-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-vhost-user-gpu-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 qemu-x86-4.2.1-lp152.9.23.1 as a component of openSUSE Leap 15.2 An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. CVE-2021-3713 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.23.1 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.23.1 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.23.1 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.23.1 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.23.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6ANWCSILNO3HSV5PUK6VESGM76PNM5ND/ https://www.suse.com/security/cve/CVE-2021-3713.html CVE-2021-3713 https://bugzilla.suse.com/1189702 SUSE Bug 1189702 A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. CVE-2021-3748 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.23.1 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.23.1 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.23.1 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.23.1 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.23.1 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.23.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6ANWCSILNO3HSV5PUK6VESGM76PNM5ND/ https://www.suse.com/security/cve/CVE-2021-3748.html CVE-2021-3748 https://bugzilla.suse.com/1189938 SUSE Bug 1189938