Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE 15-SP2 Important QEMU Security Update: Critical Buffer Overflow Fix

suse
Calendar Grey October 17, 2022
Dist Suse Esm H88
Canonical reveals an urgent patch for KVM tackling multiple key vulnerabilities, strengthening security measures.
An update that solves 5 vulnerabilities and has one errata is now available

Summary

This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282) - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035) - CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037) - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:

Topics%20covered

Topics Covered

security advisory security update high severity buffer overflow SUSE QEMU error fix

References

#1175144 #1182282 #1192115 #1198035 #1198037

#1198038

Cross- CVE-2021-3409 CVE-2021-4206 CVE-2021-4207

CVE-2022-0216 CVE-2022-35414

CVSS scores:

CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3594-1
Rating: important

Topics%20covered

Topics Covered

security advisory security update high severity buffer overflow SUSE QEMU error fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here