Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0363-1 Final 1 1 2021-03-01T06:22:41Z current 2021-03-01T06:22:41Z 2021-03-01T06:22:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) - Fixed 'Failed to try-restart qemu-ga@.service' error while updating the qemu-guest-agent. (bsc#1178565) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049) This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-363 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDUPZEIOIEXWFR2ZTWFFOIO2ZA3AI3VM/ E-Mail link for openSUSE-SU-2021:0363-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178049 SUSE Bug 1178049 https://bugzilla.suse.com/1178565 SUSE Bug 1178565 https://bugzilla.suse.com/1179717 SUSE Bug 1179717 https://bugzilla.suse.com/1179719 SUSE Bug 1179719 https://bugzilla.suse.com/1180523 SUSE Bug 1180523 https://bugzilla.suse.com/1181639 SUSE Bug 1181639 https://bugzilla.suse.com/1181933 SUSE Bug 1181933 https://bugzilla.suse.com/1182137 SUSE Bug 1182137 https://www.suse.com/security/cve/CVE-2020-11947/ SUSE CVE CVE-2020-11947 page https://www.suse.com/security/cve/CVE-2021-20181/ SUSE CVE CVE-2021-20181 page https://www.suse.com/security/cve/CVE-2021-20203/ SUSE CVE CVE-2021-20203 page https://www.suse.com/security/cve/CVE-2021-20221/ SUSE CVE CVE-2021-20221 page openSUSE Leap 15.2 qemu-4.2.1-lp152.9.9.2 qemu-arm-4.2.1-lp152.9.9.2 qemu-audio-alsa-4.2.1-lp152.9.9.2 qemu-audio-pa-4.2.1-lp152.9.9.2 qemu-audio-sdl-4.2.1-lp152.9.9.2 qemu-block-curl-4.2.1-lp152.9.9.2 qemu-block-dmg-4.2.1-lp152.9.9.2 qemu-block-gluster-4.2.1-lp152.9.9.2 qemu-block-iscsi-4.2.1-lp152.9.9.2 qemu-block-nfs-4.2.1-lp152.9.9.2 qemu-block-rbd-4.2.1-lp152.9.9.2 qemu-block-ssh-4.2.1-lp152.9.9.2 qemu-extra-4.2.1-lp152.9.9.2 qemu-guest-agent-4.2.1-lp152.9.9.2 qemu-ipxe-1.0.0+-lp152.9.9.2 qemu-ksm-4.2.1-lp152.9.9.2 qemu-kvm-4.2.1-lp152.9.9.2 qemu-lang-4.2.1-lp152.9.9.2 qemu-linux-user-4.2.1-lp152.9.9.3 qemu-microvm-4.2.1-lp152.9.9.2 qemu-ppc-4.2.1-lp152.9.9.2 qemu-s390-4.2.1-lp152.9.9.2 qemu-seabios-1.12.1+-lp152.9.9.2 qemu-sgabios-8-lp152.9.9.2 qemu-testsuite-4.2.1-lp152.9.9.5 qemu-tools-4.2.1-lp152.9.9.2 qemu-ui-curses-4.2.1-lp152.9.9.2 qemu-ui-gtk-4.2.1-lp152.9.9.2 qemu-ui-sdl-4.2.1-lp152.9.9.2 qemu-ui-spice-app-4.2.1-lp152.9.9.2 qemu-vgabios-1.12.1+-lp152.9.9.2 qemu-vhost-user-gpu-4.2.1-lp152.9.9.2 qemu-x86-4.2.1-lp152.9.9.2 qemu-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-arm-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-audio-alsa-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-audio-pa-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-audio-sdl-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-curl-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-dmg-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-gluster-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-iscsi-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-nfs-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-rbd-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-block-ssh-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-extra-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-guest-agent-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ipxe-1.0.0+-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ksm-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-kvm-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-lang-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-linux-user-4.2.1-lp152.9.9.3 as a component of openSUSE Leap 15.2 qemu-microvm-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ppc-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-s390-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-seabios-1.12.1+-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-sgabios-8-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-testsuite-4.2.1-lp152.9.9.5 as a component of openSUSE Leap 15.2 qemu-tools-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ui-curses-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ui-gtk-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ui-sdl-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-ui-spice-app-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-vgabios-1.12.1+-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-vhost-user-gpu-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 qemu-x86-4.2.1-lp152.9.9.2 as a component of openSUSE Leap 15.2 iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. CVE-2020-11947 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.9.2 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.9.3 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.9.2 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.9.5 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.9.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDUPZEIOIEXWFR2ZTWFFOIO2ZA3AI3VM/ https://www.suse.com/security/cve/CVE-2020-11947.html CVE-2020-11947 https://bugzilla.suse.com/1180523 SUSE Bug 1180523 A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. CVE-2021-20181 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.9.2 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.9.3 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.9.2 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.9.5 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.9.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDUPZEIOIEXWFR2ZTWFFOIO2ZA3AI3VM/ https://www.suse.com/security/cve/CVE-2021-20181.html CVE-2021-20181 https://bugzilla.suse.com/1182137 SUSE Bug 1182137 An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. CVE-2021-20203 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.9.2 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.9.3 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.9.2 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.9.5 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.9.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDUPZEIOIEXWFR2ZTWFFOIO2ZA3AI3VM/ https://www.suse.com/security/cve/CVE-2021-20203.html CVE-2021-20203 https://bugzilla.suse.com/1181639 SUSE Bug 1181639 An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. CVE-2021-20221 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.9.2 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.9.3 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.9.2 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.9.5 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.9.2 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.9.2 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.9.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDUPZEIOIEXWFR2ZTWFFOIO2ZA3AI3VM/ https://www.suse.com/security/cve/CVE-2021-20221.html CVE-2021-20221 https://bugzilla.suse.com/1181933 SUSE Bug 1181933