
SUSE: 2023:4056-1 Critical: QEMU Memory Leak and Service Disruption Patch

October 12, 2023
Crucial patch for QEMU tackles serious security flaws, ensuring the resilience of systems against potential breaches.

Summary

This update for qemu fixes the following issues:

* CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device (bsc#1213925).
* CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free (bsc#1190011).
* CVE-2021-3638: Fixed a buffer overflow in the ati-vga device (bsc#1188609).
* CVE-2023-3354: Fixed an issue when performing a TLS handshake that could lead to remote denial of service via VNC connection (bsc#1212850).
* CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device that could lead to a stack overflow (bsc#1207205).

Non-security fixes:

* Fixed a potential build issue in the librm subcomponent (bsc#1215311).
* Fixed a potential crash during VM migration (bsc#1213663).
* Fixed potential issues during installation on a Xen host (bsc#1179993,

References

* #1179993

* #1181740

* #1188609

* #1190011

* #1207205

* #1212850

* #1213663

* #1213925

* #1215311

Cross-

* CVE-2021-3638

* CVE-2021-3750

* CVE-2023-0330

* CVE-2023-3180

* CVE-2023-3354

CVSS scores:

* CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

* CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

* CVE-2021-3750 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2021-3750 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity
critical

Announcement ID: SUSE-SU-2023:4056-1
Rating: important
