Main Vulnerability Database SB2021072178

SB2021072178 - SUSE update for qemu

Published: July 21, 2021

Security Bulletin ID SB2021072178

Severity

Medium

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Release of invalid pointer or reference (CVE-ID: CVE-2021-3592)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the bootp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host.

2) Release of invalid pointer or reference (CVE-ID: CVE-2021-3593)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the udp6_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

3) Release of invalid pointer or reference (CVE-ID: CVE-2021-3594)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the udp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

4) Release of invalid pointer or reference (CVE-ID: CVE-2021-3595)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the tftp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

5) Out-of-bounds write (CVE-ID: CVE-2021-3611)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the Intel HD Audio device (intel-hda) of QEMU. A remote user of the guest OS trigger an out-of-bounds write and crash the QEMU process on the host.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-20212428-1/

Vulnerable Software

SUSE Linux Enterprise Server: 12-SP2-BCL
qemu-vgabios: before 1.9.1_0_gb3ef39f-41.68.1
qemu-seabios: before 1.9.1_0_gb3ef39f-41.68.1
qemu-sgabios: before 8-41.68.1
qemu-ipxe: before 1.0.0-41.68.1
qemu-x86-debuginfo: before 2.6.2-41.68.1
qemu-x86: before 2.6.2-41.68.1
qemu-tools-debuginfo: before 2.6.2-41.68.1
qemu-tools: before 2.6.2-41.68.1
qemu-lang: before 2.6.2-41.68.1
qemu-kvm: before 2.6.2-41.68.1
qemu-guest-agent-debuginfo: before 2.6.2-41.68.1
qemu-guest-agent: before 2.6.2-41.68.1
qemu-debugsource: before 2.6.2-41.68.1
qemu-block-ssh-debuginfo: before 2.6.2-41.68.1
qemu-block-ssh: before 2.6.2-41.68.1
qemu-block-rbd-debuginfo: before 2.6.2-41.68.1
qemu-block-rbd: before 2.6.2-41.68.1
qemu-block-curl-debuginfo: before 2.6.2-41.68.1
qemu-block-curl: before 2.6.2-41.68.1
qemu: before 2.6.2-41.68.1