| Summary: | <app-emulation/qemu-6.0.1: multiple vulnerabilities (CVE-2021-{3527,3544,3545,3546,3582,3607,3608}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ajak, jaak, sam, tamiko, virtualization, zlogene |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/23421 | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 820677 | | |
| Bug Blocks: | | | |

Description
Sam James
2021-10-29 18:42:54 UTC
CVE-2021-3582: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

CVE-2021-3607: An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2021-3608: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bff4fbd804e1bd45e5e8478efd66b28e9c58fad6

commit bff4fbd804e1bd45e5e8478efd66b28e9c58fad6
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 18:50:52 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 18:50:58 +0000

    app-emulation/qemu: add 6.0.1

    Closes: https://bugs.gentoo.org/820677
    Bug: https://bugs.gentoo.org/820743
    Signed-off-by: Sam James <sam@gentoo.org>

 app-emulation/qemu/Manifest | 1 +
 app-emulation/qemu/qemu-6.0.1.ebuild | 911 +++++++++++++++++++++++++++++++++++
 2 files changed, 912 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4dbabb19b26f4203d67e25f78772c5bebf650ff

commit d4dbabb19b26f4203d67e25f78772c5bebf650ff
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-12-20 04:31:40 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2021-12-20 06:42:24 +0000

    app-emulation/qemu: drop 6.0.0-r4, 6.0.0-r54, 6.0.1-r1

    Bug: https://bugs.gentoo.org/807055
    Bug: https://bugs.gentoo.org/820743
    Closes: https://github.com/gentoo/gentoo/pull/23421
    Signed-off-by: John Helmert III <ajak@gentoo.org>
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest | 2 -
 .../qemu/files/qemu-5.2.0-cleaner-werror.patch | 40 -
 .../qemu/files/qemu-5.2.0-dce-locks.patch | 18 -
 app-emulation/qemu/files/qemu-5.2.0-strings.patch | 23 -
 app-emulation/qemu/qemu-6.0.0-r4.ebuild | 910 --------------------
 app-emulation/qemu/qemu-6.0.0-r54.ebuild | 911 ---------------------
 app-emulation/qemu/qemu-6.0.1-r1.ebuild | 911 ---------------------
 7 files changed, 2815 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac

commit fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 16:09:07 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 16:09:43 +0000

    [ GLSA 202208-27 ] QEMU: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/733448
    Bug: https://bugs.gentoo.org/736605
    Bug: https://bugs.gentoo.org/773220
    Bug: https://bugs.gentoo.org/775713
    Bug: https://bugs.gentoo.org/780816
    Bug: https://bugs.gentoo.org/792624
    Bug: https://bugs.gentoo.org/807055
    Bug: https://bugs.gentoo.org/810544
    Bug: https://bugs.gentoo.org/820743
    Bug: https://bugs.gentoo.org/835607
    Bug: https://bugs.gentoo.org/839762
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-27.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

GLSA done, all done.