SB2023030828 - SUSE update for qemu

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-1050)

The vulnerability allows a malicious guest to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the QEMU implementation of VMWare's paravirtual RDMA device. A specially crafted driver on a malicious guest can execute HW commands when shared buffers are not yet allocated, trigger a use-after-free error and execute arbitrary code on the QEMU host.

2) Integer underflow (CVE-ID: CVE-2022-3165)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow in the QEMU VNC server while processing ClientCutText messages in the extended format. A remote client can send a specially crafted payload message to the VNC server and perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2022-4144)

The vulnerability allows a malicious guest user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the qxl_phys2virt() function in the QXL display device emulation in QEMU. A malicious guest user can trigger an out-of-bounds read error and crash the QEMU process on the host

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2023/suse-su-20230671-1/