SUSE-SU-2021:0521-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) - Fixed 'Failed to try-restart qemu-ga@.service' error while updating the qemu-guest-agent. (bsc#1178565) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049)
Affected Systems
- suse•qemu&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2
< 4.2.1-11.13.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP2
< 4.2.1-11.13.1
References (13)
- https://www.suse.com/support/update/announcement/2021/suse-su-20210521-1/
- https://bugzilla.suse.com/1178049
- https://bugzilla.suse.com/1178565
- https://bugzilla.suse.com/1179717
- https://bugzilla.suse.com/1179719
- https://bugzilla.suse.com/1180523
- https://bugzilla.suse.com/1181639
- https://bugzilla.suse.com/1181933
- https://bugzilla.suse.com/1182137
- https://www.suse.com/security/cve/CVE-2020-11947
- https://www.suse.com/security/cve/CVE-2021-20181
- https://www.suse.com/security/cve/CVE-2021-20203
- https://www.suse.com/security/cve/CVE-2021-20221