-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       RHSA-2023:2162-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2162
Issue date:        2023-05-09
CVE Names:         CVE-2022-3165 CVE-2022-4172 
====================================================================
1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version:
qemu-kvm (7.2.0). (BZ#2111769, BZ#2135806)

Security Fix(es):

* QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU
exhaustion (CVE-2022-3165)

* QEMU: ACPI ERST: memory corruption issues in read_erst_record and
write_erst_record (CVE-2022-4172)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1860292 - RFE: add extent_size_hint information to qemu-img info
1905805 - support config interrupt in vhost-vdpa qemu
1963845 - QEMU quit if set nvdimm memory backend option readonly=on
1979276 - SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on
1983208 - i386/pc: Fix creation of >= 1Tb guests on AMD systems with IOMMU
1983493 - Qemu should prompt fatal error and quit with an unsupported audiodev
1986665 - [Fwcfg64] dump-guest-memory -w command report error "win-dump: failed to read CPU #2 ContextFrame location" on Windows desktop
2074000 - Make memory preallocation threads NUMA aware
2077376 - [RFE] Add support for 32-bit guest Windows dump with vmcoreinfo (fwcfg) via 'dump-guest-memory -w'
2086980 - Please Update The Error Info More Clearly When Creating Images Over RBD with The Namespace Not Existing
2087155 - Guest will get stuck at "Reached target Basic System" if insert the virtio-iommu device in pcie-root-port
2091166 - Q35: dmidecode doesn't display number of cpus (>255) correctly
2108531 - Windows guest reboot after migration with wsl2 installed inside
2108923 - [RHEL.9.2] Display a deprecation message in '-cpu help' for deprecated CPU models
2111769 - Rebase to QEMU 7.1.0
2113840 - [RHEL9.2] Memory mapping optimization for virt machine
2116496 - Can't run when memory backing with hugepages and backend type memfd
2120480 - guest with tpm crashed when executing memory dump to kdump-zlib_format
2121430 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.2.0]
2122788 - virtio-net TX stall after packet bursts (probably in qemu)
2123297 - Mirror job with "copy-mode":"write-blocking" that used for storage migration can't converge under heavy I/O
2124446 - Can not copy/paste from host to guest after restart spice-vdagentd.service
2124856 - VM with virtio interface and iommu=on will crash when try to migrate
2126095 - [rhel9.2][intel_iommu]Booting guest with "-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on" causes kernel call trace
2127825 - Use capstone for qemu-kvm build
2128222 - VDUSE block export should be disabled in builds for now
2128235 - [s390x][RHEL9] [s390x-ccw bios] lacking document about parameter loadparm in qemu
2129739 - CVE-2022-3165 QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
2131982 - Add rhel-9.2.0  arm virt machine type
2135806 - Rebase to QEMU 7.2 for RHEL 9.2.0
2136473 - Add rhel-9.2.0 s390x machine type
2136797 - qemu crash when taking screenshot with png format
2137327 - Add rhel-9.2.0 x86_64 machine type
2137330 - RFE: guest agent 'guest-get-diskstats' api support
2137332 - RFE: guest agent 'guest-get-cpustats' api support
2138242 - zero-copy-send patches to RHEL9.2
2141088 - vDPA SVQ guest announce support
2141218 - qemu-kvm build fails with clang 15.0.1 due to false unused variable error
2143584 - Update machine type compatibility for QEMU 7.2.0 update [aarch64]
2143585 - Update machine type compatibility for QEMU 7.2.0 update [s390x]
2144367 - [guest-agent]NVMe SMART support for Linux
2144436 - usb device cannot be found in VM when starting VM with a usb-redir device
2148352 - [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite
2149022 - qemu-kvm: Missing dependencies between devices
2149105 - CVE-2022-4172 QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record
2149191 - [RFE][guest-agent] - USB bus type support
2150180 - qemu-img finishes successfully while having errors in commit or bitmaps operations
2152977 - RFE: support live migrating TPM state to a target that shares storage with the source
2154640 - [aarch64] qemu fails to load "efi-virtio.rom" romfile when creating virtio-net-pci
2155112 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)
2155173 - [vhost-user] unable to start vhost net: 71: falling back on userspace
2155748 - qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed
2155749 - [regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X
2156515 - [guest-agent] Replace '-blacklist' with '-block-rpcs' in qemu-ga config file
2156876 - [virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)
2158704 - RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall
2159408 - [s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8
2162569 - [transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2
2168209 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)
2169232 - RFE: reconnect option for stream socket back-end
2169732 - Multifd migration fails under a weak network/socket ordering race
2169904 - [SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022
2173590 - bugs in emulation of BMI instructions (for libguestfs without KVM)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
qemu-kvm-7.2.0-14.el9_2.src.rpm

aarch64:
qemu-guest-agent-7.2.0-14.el9_2.aarch64.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-img-7.2.0-14.el9_2.aarch64.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-audio-pa-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-curl-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-rbd-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-common-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-common-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-core-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-core-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-usb-host-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-docs-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-tools-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-pr-helper-7.2.0-14.el9_2.aarch64.rpm
qemu-pr-helper-debuginfo-7.2.0-14.el9_2.aarch64.rpm

ppc64le:
qemu-guest-agent-7.2.0-14.el9_2.ppc64le.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.ppc64le.rpm
qemu-img-7.2.0-14.el9_2.ppc64le.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.ppc64le.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.ppc64le.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.ppc64le.rpm

s390x:
qemu-guest-agent-7.2.0-14.el9_2.s390x.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-img-7.2.0-14.el9_2.s390x.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-audio-pa-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-curl-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-rbd-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-common-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-common-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-core-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-core-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-ccw-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-ccw-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-usb-host-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-docs-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-tools-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-pr-helper-7.2.0-14.el9_2.s390x.rpm
qemu-pr-helper-debuginfo-7.2.0-14.el9_2.s390x.rpm

x86_64:
qemu-guest-agent-7.2.0-14.el9_2.x86_64.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-img-7.2.0-14.el9_2.x86_64.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-audio-pa-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-curl-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-rbd-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-common-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-common-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-core-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-core-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-vga-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-vga-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-host-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-redirect-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-redirect-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-docs-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-tools-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-egl-headless-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-egl-headless-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-opengl-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-opengl-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-pr-helper-7.2.0-14.el9_2.x86_64.rpm
qemu-pr-helper-debuginfo-7.2.0-14.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3165
https://access.redhat.com/security/cve/CVE-2022-4172
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFo0NNzjgjWX9erEAQgUDA/+P3VBg0lYVjU2aMb0pl+ueXSmwaq4VHkN
hsJSMS19tXnDjcy/4Yc9NGxec6ZP0X5UjVsTRDAecin9yfdR5x6O3Bvhej/xTouf
9LyOKBF585BDFLoSXG/Lv8zXQDHCVX14t+c6kHaeQKSkF7lZ1ql2BFJne1ebsYv7
hJd4UZ30ZR8dTgOhHLTal2Uo4eYmzujToeQvwBWodDAaYWVdFWgxh3Jw5ue1oU+m
qpeBvtnRkgoES1GQdQyQXTzJQwod60n1OXbkuygUT3RTvCUPIFHIRF3fiTsqpEDQ
n8iqYf87R4r7vfiuSlGUBSVj/nKhW9HKpDyUnyyNB9odQPXg4TKcB/VAuBphAimv
8ihIxv30mT1qbASMu6CvaUcvaseIldaXWxnuHBrYKPkm+q2oEniqn84J5u8N4iUP
Lj3TxiwKYYjquiklLfHuyk08VZloL168W+/mKboMPQw1htmeSQlLr/s87O4GxckS
N6TKXN7PxMvLsMu2mszMcCvgQMM0nin2lHLUmwKhh17dcT1Q0xPJE972h74iSZb2
cYehKKGq0k9oBY4qKQb2bL3eiC77P4e6UNez/Ek6l5gvcXz1gThCbJbTz1rgl7jK
u1+vxOJ+g234Sjwj+u7i4r+6T0znOVsl3bJxdxIhUDPA/WbvhHRZOqq6G18NHRAu
g5HpNV3xpEA=B4e1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce