SUSE-SU-2024:1394-1
Vulnerability Summary
Description
Security update for qemu

This update for qemu fixes the following issues:

- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-24474: Fixed integer overflow that results in a buffer overflow via SCSI command (bsc#1220134)
- CVE-2024-3446: Fixed DM reentrancy issue that could lead to double free vulnerability (bsc#1222843)
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
Affected Systems
- opensuse qemu on openSUSE Leap Micro 5.3: < 6.2.0-150400.37.29.1
- opensuse qemu on openSUSE Leap Micro 5.4: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Linux Enterprise Micro 5.3: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Linux Enterprise Micro 5.4: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Linux Enterprise Server 15 SP4-LTSS: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Linux Enterprise Server for SAP Applications 15 SP4: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Manager Proxy 4.3: < 6.2.0-150400.37.29.1
- suse qemu on SUSE Manager Server 4.3: < 6.2.0-150400.37.29.1
References (11)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241394-1/
- https://bugzilla.suse.com/1213269
- https://bugzilla.suse.com/1218889
- https://bugzilla.suse.com/1220134
- https://bugzilla.suse.com/1222843
- https://bugzilla.suse.com/1222845
- https://www.suse.com/security/cve/CVE-2023-3019
- https://www.suse.com/security/cve/CVE-2023-6683
- https://www.suse.com/security/cve/CVE-2024-24474
- https://www.suse.com/security/cve/CVE-2024-3446
- https://www.suse.com/security/cve/CVE-2024-3447