Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2021:3575-1 Important: Qemu Stack Overflow And NULL Pointer Issues

suse
Calendar Grey October 28, 2021
Dist Suse Esm H88
SUSE announces important security patch for qemu, addressing multiple vulnerabilities of significant concern along with detailed patching instructions.
An update that fixes 7 vulnerabilities is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL:

Topics%20covered

Topics Covered

security advisory patch important NULL pointer SUSE stack overflow qemu

References

#1180432 #1180433 #1180434 #1180435 #1182651

#1186012 #1189145

Cross- CVE-2020-35503 CVE-2020-35504 CVE-2020-35505

CVE-2020-35506 CVE-2021-20255 CVE-2021-3527

CVE-2021-3682

CVSS scores:

CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:3575-1
Rating: important

Topics%20covered

Topics Covered

security advisory patch important NULL pointer SUSE stack overflow qemu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here