SUSE-SU-2024:1103-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062). - CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134). - CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484). - CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554). - CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065). The following non-security bug was fixed: - Removing in-use mediated device should fail with error message instead of hang (bsc#1205316).
Affected Systems
- opensuse•qemu&distro=openSUSE Leap 15.5
< 7.1.0-150500.49.12.1
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.5
< 7.1.0-150500.49.12.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5
< 7.1.0-150500.49.12.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
< 7.1.0-150500.49.12.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP5
< 7.1.0-150500.49.12.1
References (12)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241103-1/
- https://bugzilla.suse.com/1205316
- https://bugzilla.suse.com/1209554
- https://bugzilla.suse.com/1218484
- https://bugzilla.suse.com/1220062
- https://bugzilla.suse.com/1220065
- https://bugzilla.suse.com/1220134
- https://www.suse.com/security/cve/CVE-2023-1544
- https://www.suse.com/security/cve/CVE-2023-6693
- https://www.suse.com/security/cve/CVE-2024-24474
- https://www.suse.com/security/cve/CVE-2024-26327
- https://www.suse.com/security/cve/CVE-2024-26328