Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

SUSE Linux: 2021:0521-1 Important: Qemu Privilege Escalation Issues

suse
Calendar Grey February 19, 2021
Dist Suse Esm H88
Discover essential SUSE update addressing qemu privilege escalation and critical fixes for improved security.
An update that solves four vulnerabilities and has four fixes is now available

Summary

This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) - Fixed "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049) Patch Instructions:

References

#1178049 #1178565 #1179717 #1179719 #1180523

#1181639 #1181933 #1182137

Cross- CVE-2020-11947 CVE-2021-20181 CVE-2021-20203

CVE-2021-20221

CVSS scores:

CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2020-11947.html

https://www.suse.com/security/cve/CVE-2021-20181.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0521-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.