SUSE-SU-2023:2358-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 02 Jun 2023, 11:36
Last modified:04 Feb 2026, 02:21
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Jun 2023, 11:36
Published
Vulnerability first disclosed
04 Feb 2026, 02:21
Last Modified
Vulnerability information updated
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout() in hw/scsi/lsi53c895a.c (bsc#1198038). - CVE-2021-3929: Fixed use-after-free in nvme, caused by DMA reentrancy issue (bsc#1193880). - CVE-2021-4207: Fixed heap buffer overflow caused by double fetch in qxl_cursor() (bsc#1198037). - CVE-2021-4206: Fixed integer overflow in cursor_alloc() (bsc#1198035). - Amend .changes file: avoid declaring a still unfixed CVE, as fixed (bsc#1187529) - Fix the build breaks caused by binutils update (bsc#1192463, bsc#1193621)
Affected Systems
- suse•qemu&distro=SUSE Linux Enterprise Server 12 SP2-BCL
< 2.6.2-41.76.1
References (12)
- https://www.suse.com/support/update/announcement/2023/suse-su-20232358-1/
- https://bugzilla.suse.com/1187529
- https://bugzilla.suse.com/1192463
- https://bugzilla.suse.com/1193621
- https://bugzilla.suse.com/1193880
- https://bugzilla.suse.com/1198035
- https://bugzilla.suse.com/1198037
- https://bugzilla.suse.com/1198038
- https://www.suse.com/security/cve/CVE-2021-3929
- https://www.suse.com/security/cve/CVE-2021-4206
- https://www.suse.com/security/cve/CVE-2021-4207
- https://www.suse.com/security/cve/CVE-2022-0216