RHEL 8.3 Security Update RHSA-2021-1125-01 Low: Qemu Heap Access
red hat
April 7, 2021
An update for the virt:8.3 and virt-devel:8.3 modules is now available for Advanced Virtualization for RHEL 8.3.1
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
The Advanced Virtualization module provides the user-space component for
running virtual machines that use KVM in environments managed by Red Hat
products.
Security Fix(es):
* qemu: out-of-bound heap buffer access via an interrupt ID field
(CVE-2021-20221)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Libvirt shouldn't set the MTU of an unmanaged tap/macvtap device, it
should just pass the mtu to the guest (BZ#1924681)
* libvirtd crashes in virEventThreadWorker (BZ#1942010)
References
https://access.redhat.com/security/cve/CVE-2021-20221 https://access.redhat.com/security/updates/classification#low
Package List
Advanced Virtualization for RHEL 8.3.1:
Source:
SLOF-20200717-1.gite18ddad8.module+el8.3.0+7638+07cf13d2.src.rpm
hivex-1.3.18-20.module+el8.3.0+6124+819ee737.src.rpm
libguestfs-1.42.0-2.module+el8.3.0+6798+ad6e66be.src.rpm
libguestfs-winsupport-8.2-1.module+el8.3.0+6124+819ee737.src.rpm
libiscsi-1.18.0-8.module+el8.3.0+6124+819ee737.src.rpm
libnbd-1.4.0-2.module+el8.3.0+7998+6ff5e5ab.src.rpm
libtpms-0.7.4-1.20201106git2452a24dab.module+el8.3.1+8772+a3fdeccd.src.rpm
libvirt-6.6.0-13.2.module+el8.3.1+10483+85317cf0.src.rpm
libvirt-dbus-1.3.0-2.module+el8.3.0+6124+819ee737.src.rpm
libvirt-python-6.6.0-2.module+el8.3.1+9800+33087bb5.src.rpm
nbdkit-1.22.0-2.module+el8.3.0+8203+18ecf00e.src.rpm
netcf-0.2.8-12.module+el8.3.0+6124+819ee737.src.rpm
perl-Sys-Virt-6.3.0-1.module+el8.3.0+6995+6794eec3.src.rpm
python-pyvmomi-6.7.1-7.module+el8.3.0+6124+819ee737.src.rpm
qemu-kvm-5.1.0-21.module+el8.3.1+10464+8ad18d1a.src.rpm
seabios-1.14.0-1.module+el8.3.0+7638+07cf13d2.src.rpm
sgabios-0.20170427git-3.module+el8.3.0+6124+819ee737.src.rpm
supermin-5.2.0-1.module+el8.3.0+7648+42900458.src.rpm
swtpm-0.4.2-1.20201201git2df14e3.module+el8.3.1+9074+e34e3b04.src.rpm
virt-v2v-1.42.0-7.module+el8.3.1+9562+c3ede7c6.src.rpm
aarch64:
hivex-1.3.18-20.module+el8.3.0+6124+819ee737.aarch64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
low
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2021:1125-01
Product: Advanced Virtualization
Advisory URL: Issue date: 2021-04-07
Topic
An update for the virt:8.3 and virt-devel:8.3 modules is now available forAdvanced Virtualization for RHEL 8.3.1.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Advanced Virtualization CodeReady Builder for RHEL 8.3.1 - aarch64, ppc64le, s390x, x86_64
Advanced Virtualization for RHEL 8.3.1 - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1924601 - CVE-2021-20221 qemu: out-of-bound heap buffer access via an interrupt ID field
1924681 - Libvirt shouldn't set the MTU of an unmanaged tap/macvtap device, it should just pass the mtu to the guest [rhel-8.3.1.z]
1942010 - libvirtd crashes in virEventThreadWorker [rhel-8.3.1.z]
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!