SB2022120733 - Fedora 37 update for qemu
Published: December 7, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2020-14394)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. A privileged user on the guest OS can consume all available system resources and cause denial of service conditions of the QEMU process on the host.
2) Out-of-bounds write (CVE-ID: CVE-2021-3638)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ATI VGA device emulation of QEMU within the ati_2d_blt() routine while handling MMIO write operations. A malicious guest can crash the QEMU process on the host.
3) Integer overflow (CVE-ID: CVE-2022-4172)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the read_erst_record() and write_erst_record() functions in the ACPI Error Record Serialization Table (ERST) device of QEMU. A malicious guest can overrun the host buffer allocated for the ERST memory device and crash the QEMU process on the host.
4) Out-of-bounds read (CVE-ID: CVE-2022-4144)
The vulnerability allows a malicious guest user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the qxl_phys2virt() function in the QXL display device emulation in QEMU. A malicious guest user can trigger an out-of-bounds read error and crash the QEMU process on the host
Remediation
Install update from vendor's website.