SUSE-SU-2023:0840-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808). - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). - CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038). - CVE-2022-1050: Fixed a use-after-free issue in pvrdma_exec_cmd() in pvrdma (bsc#1197653). - CVE-2021-3929: Fixed a DMA reentrancy issue leads to use-after-free in nvme (bsc#1193880). The following non-security bugs were fixed: - Fix bsc#1202364.
Affected Systems
- suse•qemu&distro=SUSE Enterprise Storage 7.1
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.1
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.2
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise Real Time 15 SP3
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Manager Proxy 4.2
< 5.2.0-150300.121.2
- suse•qemu&distro=SUSE Manager Server 4.2
< 5.2.0-150300.121.2
References (14)
- https://www.suse.com/support/update/announcement/2023/suse-su-20230840-1/
- https://bugzilla.suse.com/1180207
- https://bugzilla.suse.com/1185000
- https://bugzilla.suse.com/1193880
- https://bugzilla.suse.com/1197653
- https://bugzilla.suse.com/1198038
- https://bugzilla.suse.com/1202364
- https://bugzilla.suse.com/1205808
- https://www.suse.com/security/cve/CVE-2020-14394
- https://www.suse.com/security/cve/CVE-2021-3507
- https://www.suse.com/security/cve/CVE-2021-3929
- https://www.suse.com/security/cve/CVE-2022-0216
- https://www.suse.com/security/cve/CVE-2022-1050
- https://www.suse.com/security/cve/CVE-2022-4144