Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2024-1395-1 Important QEMU Buffer Overflow and DoS Risk

suse
Calendar Grey April 23, 2024
Dist Suse Esm H88
Important security patch for qemu fixes various vulnerabilities in SUSE platforms, providing improved safeguarding.
* bsc#1190011 * bsc#1198038 * bsc#1207205 * bsc#1212850 * bsc#1213925

Summary

## This update for qemu fixes the following issues: * CVE-2021-3750: Fixed DMA reentrancy issue that could lead to use-after-free (bsc#1190011) * CVE-2022-0216: Fixed use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038) * CVE-2023-0330: Fixed DMA reentrancy issue that could lead to stack overflow (bsc#1207205) * CVE-2023-3180: Fixed heap buffer overflow in virtio_crypto_sym_op_helper() (bsc#1213925) * CVE-2023-3354: Fixed improper I/O watch removal in VNC TLS handshake that could lead to remote unauthenticated denial of service (bsc#1212850) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow important SUSE stack overflow QEMU

References

* bsc#1190011

* bsc#1198038

* bsc#1207205

* bsc#1212850

* bsc#1213925

Cross-

* CVE-2021-3750

* CVE-2022-0216

* CVE-2023-0330

* CVE-2023-3180

* CVE-2023-3354

CVSS scores:

* CVE-2021-3750 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2021-3750 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2022-0216 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2022-0216 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1395-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow important SUSE stack overflow QEMU

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here