SUSE-SU-2022:3768-1

Advisory lineage: Upstream 7, Downstream 0
Published: 26 Oct 2022, 10:13
Last modified: 02 May 2025, 04:30

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

26 Oct 2022, 10:13: Published (vulnerability first disclosed)
02 May 2025, 04:30: Last Modified (vulnerability information updated)

Description

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in the sdhci controller. (bsc#1182282)
  • CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to a heap buffer overflow. (bsc#1198035)
  • CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to a heap buffer overflow. (bsc#1198037)
  • CVE-2022-0216: Fixed a use-after-free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
  • CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
  • CVE-2021-3507: Fixed a heap buffer overflow in DMA read data transfers. (bsc#1185000)
  • CVE-2020-17380: Fixed a heap buffer overflow in sdhci_sdma_transfer_multi_blocks. (bsc#1175144)

Affected Systems

  • opensuse/qemu, distro: openSUSE Leap 15.3, versions < 3.1.1.1-150100.80.43.2
  • suse/qemu, distro: SUSE Enterprise Storage 6, versions < 3.1.1.1-150100.80.43.2
  • suse/qemu, distro: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, versions < 3.1.1.1-150100.80.43.2
  • suse/qemu, distro: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, versions < 3.1.1.1-150100.80.43.2
  • suse/qemu, distro: SUSE Linux Enterprise Server 15 SP1-BCL, versions < 3.1.1.1-150100.80.43.2
  • suse/qemu, distro: SUSE Linux Enterprise Server 15 SP1-LTSS, versions < 3.1.1.1-150100.80.43.2
  • suse/qemu, distro: SUSE Linux Enterprise Server for SAP Applications 15 SP1, versions < 3.1.1.1-150100.80.43.2
