SUSE: 2024:1120-2 Important Update: QEMU Security Fixes Released

suse

April 8, 2024

* bsc#1205316 * bsc#1209554 * bsc#1218484 * bsc#1220062 * bsc#1220065

Summary

## This update for qemu fixes the following issues: * CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062). * CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134). * CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484). * CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554). * CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065). The following non-security bug was fixed: * Removing in-use mediated device should fail with error message instead of hang (bsc#1205316). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics Covered

security advisory buffer overflow important SUSE SUSE Linux QEMU SUSE Linux Enterprise

References

* bsc#1205316

* bsc#1209554

* bsc#1218484

* bsc#1220062

* bsc#1220065

* bsc#1220134

* jsc#PED-7366

* jsc#PED-8113

Cross-

* CVE-2023-1544

* CVE-2023-6693

* CVE-2024-24474

* CVE-2024-26327

* CVE-2024-26328

CVSS scores:

* CVE-2023-1544 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H

* CVE-2023-1544 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

* CVE-2023-6693 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2023-6693 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-24474 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2024-26327 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2024-26328 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:1103-1

Rating: important

Topics Covered

security advisory buffer overflow important SUSE SUSE Linux QEMU SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE: 2024:1120-2 Important Update: QEMU Security Fixes Released

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE: 2024:1120-2 Important Update: QEMU Security Fixes Released

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!