Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 883693 (CVE-2022-4144, CVE-2022-4172)

Summary: <app-emulation/qemu-7.2.0_rc3: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: ajak, dilfridge, sam, tamiko, virtualization, zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.com/qemu-project/qemu/-/issues/1268
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 889974    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-30 00:54:35 UTC
CVE-2022-4172:
https://gitlab.com/qemu-project/qemu/-/commit/defb7098

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Waiting on 7.2.0 release, scheduled for early December:
https://wiki.qemu.org/Planning/7.2
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-30 00:59:38 UTC
CVE-2022-4144 (https://bugzilla.redhat.com/show_bug.cgi?id=2148506):

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html

This patch is in 7.2.0_rc3 as 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622.
Comment 2 Larry the Git Cow gentoo-dev 2022-12-01 01:55:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afd474b08a74f8befd90e7c18f02c20346a4c44c

commit afd474b08a74f8befd90e7c18f02c20346a4c44c
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-01 01:54:00 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-01 01:54:23 +0000

    app-emulation/qemu: add 7.2.0_rc3, drop 7.2.0_rc2
    
    Bug: https://bugs.gentoo.org/883693
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-emulation/qemu/Manifest                                         | 4 ++--
 app-emulation/qemu/{qemu-7.2.0_rc2.ebuild => qemu-7.2.0_rc3.ebuild} | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-12-15 06:15:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0135491dde8ca7d541af913330a51831d6e8e79

commit a0135491dde8ca7d541af913330a51831d6e8e79
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-15 05:21:46 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-15 06:14:23 +0000

    app-emulation/qemu: add 7.2.0, drop 7.2.0_rc4
    
    Bug: https://bugs.gentoo.org/883693
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-emulation/qemu/Manifest                                     | 4 ++--
 app-emulation/qemu/{qemu-7.2.0_rc4.ebuild => qemu-7.2.0.ebuild} | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2023-02-04 16:46:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=230e67a4b5a7fbb65587eabc556163f21c98f2dd

commit 230e67a4b5a7fbb65587eabc556163f21c98f2dd
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2023-02-04 16:45:33 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2023-02-04 16:45:51 +0000

    app-emulation/qemu: drop 7.1.0, 7.1.0-r2
    
    Bug: https://bugs.gentoo.org/883693
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 app-emulation/qemu/Manifest                        |   2 -
 .../qemu/files/qemu-7.1.0-faccessat2.patch         |  78 --
 .../qemu/files/qemu-7.1.0-loong-stat.patch         |  98 --
 .../qemu/files/qemu-7.1.0-mips-n32-syscalls.patch  |  94 --
 app-emulation/qemu/files/qemu-7.1.0-strings.patch  |  26 -
 app-emulation/qemu/qemu-7.1.0-r2.ebuild            | 967 --------------------
 app-emulation/qemu/qemu-7.1.0.ebuild               | 985 ---------------------
 7 files changed, 2250 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-19 17:00:59 UTC
Thanks!