CVE-2022-4172: https://gitlab.com/qemu-project/qemu/-/commit/defb7098 Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Waiting on the 7.2.0 release, scheduled for early December: https://wiki.qemu.org/Planning/7.2
CVE-2022-4144 (https://bugzilla.redhat.com/show_bug.cgi?id=2148506): An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the BAR space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host, causing a denial of service condition. https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html This patch is in 7.2.0_rc3 as 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622.
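Both CVEs above are the same class of bug: the guest picks an offset and a length (or points at a structure whose size is never compared against the region), and the host copies to or from its own buffer without an overflow-safe bounds check. The following C is an added illustration written for this page; it is not QEMU's code and not the fix from either upstream commit. The names REGION_SIZE, range_ok_naive, range_ok, region_ptr, read_record, write_record and demo are made up for the example, and the region contents are constructed test data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class, not QEMU code: a host-allocated
 * buffer backs a guest-visible memory region, and the guest chooses the
 * offset and length of every access. The host must refuse any range that
 * does not fit, without letting the arithmetic wrap. */

#define REGION_SIZE 4096u   /* hypothetical size of the host buffer */

/* Naive check in 32-bit arithmetic: off + len can wrap, so an oversized
 * len passes the comparison and the copy runs past the buffer. */
bool range_ok_naive(uint32_t off, uint32_t len)
{
    return off + len <= REGION_SIZE;
}

/* Overflow-safe check: bound off first, then compare len against the
 * space that remains. No addition is performed, so nothing can wrap. */
bool range_ok(uint64_t region_size, uint64_t off, uint64_t len)
{
    if (off > region_size) {
        return false;
    }
    return len <= region_size - off;
}

/* Translate a guest offset into a host pointer only when the whole object
 * of 'size' bytes lies inside the region; NULL otherwise. This is the
 * shape of check the qxl_phys2virt() description above says was missing. */
const uint8_t *region_ptr(const uint8_t *region, uint64_t region_size,
                          uint64_t off, uint64_t size)
{
    if (!range_ok(region_size, off, size)) {
        return NULL;
    }
    return region + off;
}

/* Copy a guest-chosen record out of the region into 'out' (the read side
 * of the ERST report). Returns bytes copied, or -1 when either the guest
 * range or the caller's buffer would be overrun. */
long read_record(const uint8_t *region, uint64_t region_size,
                 uint64_t off, uint64_t len, uint8_t *out, size_t out_size)
{
    const uint8_t *src = region_ptr(region, region_size, off, len);
    if (src == NULL || len > out_size) {
        return -1;
    }
    memcpy(out, src, (size_t)len);
    return (long)len;
}

/* Write a guest-supplied record into the region (the write side). */
long write_record(uint8_t *region, uint64_t region_size,
                  uint64_t off, const uint8_t *in, uint64_t len)
{
    if (!range_ok(region_size, off, len)) {
        return -1;
    }
    memcpy(region + off, in, (size_t)len);
    return (long)len;
}

/* Round trip on a constructed region, then confirm that a wrapping length
 * and an end-of-region overrun are both refused. Returns 0 on success,
 * otherwise the number of the step that failed. */
int demo(void)
{
    uint8_t region[REGION_SIZE] = {0};
    const uint8_t rec[8] = {'E', 'R', 'S', 'T', 1, 2, 3, 4};  /* constructed */
    uint8_t out[8] = {0};

    if (write_record(region, REGION_SIZE, 64, rec, sizeof rec) != 8) return 1;
    if (read_record(region, REGION_SIZE, 64, 8, out, sizeof out) != 8) return 2;
    if (memcmp(out, rec, 8) != 0) return 3;
    /* 16 + 0xFFFFFFF0 wraps to 0 in uint32_t: the naive check accepts it,
     * the safe check behind read_record() refuses it. */
    if (!range_ok_naive(16, 0xFFFFFFF0u)) return 4;
    if (read_record(region, REGION_SIZE, 16, 0xFFFFFFF0u, out, sizeof out) != -1) return 5;
    /* 8 bytes starting 4 bytes before the end do not fit. */
    if (write_record(region, REGION_SIZE, REGION_SIZE - 4, rec, 8) != -1) return 6;
    return 0;
}

int main(void)
{
    printf("demo result: %d\n", demo());
    return 0;
}
```

The point of range_ok() is that it never adds the two guest-controlled values; it subtracts the already-validated offset from a host-known size, so the comparison holds for any 64-bit inputs. The same check is what region_ptr() applies before handing out a host pointer, which is the missing step the QXL description refers to.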
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afd474b08a74f8befd90e7c18f02c20346a4c44c

commit afd474b08a74f8befd90e7c18f02c20346a4c44c
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-01 01:54:00 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-01 01:54:23 +0000

    app-emulation/qemu: add 7.2.0_rc3, drop 7.2.0_rc2

    Bug: https://bugs.gentoo.org/883693
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-emulation/qemu/Manifest | 4 ++--
 app-emulation/qemu/{qemu-7.2.0_rc2.ebuild => qemu-7.2.0_rc3.ebuild} | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0135491dde8ca7d541af913330a51831d6e8e79

commit a0135491dde8ca7d541af913330a51831d6e8e79
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-15 05:21:46 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-15 06:14:23 +0000

    app-emulation/qemu: add 7.2.0, drop 7.2.0_rc4

    Bug: https://bugs.gentoo.org/883693
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-emulation/qemu/Manifest | 4 ++--
 app-emulation/qemu/{qemu-7.2.0_rc4.ebuild => qemu-7.2.0.ebuild} | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=230e67a4b5a7fbb65587eabc556163f21c98f2dd

commit 230e67a4b5a7fbb65587eabc556163f21c98f2dd
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2023-02-04 16:45:33 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2023-02-04 16:45:51 +0000

    app-emulation/qemu: drop 7.1.0, 7.1.0-r2

    Bug: https://bugs.gentoo.org/883693
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 app-emulation/qemu/Manifest | 2 -
 .../qemu/files/qemu-7.1.0-faccessat2.patch | 78 --
 .../qemu/files/qemu-7.1.0-loong-stat.patch | 98 --
 .../qemu/files/qemu-7.1.0-mips-n32-syscalls.patch | 94 --
 app-emulation/qemu/files/qemu-7.1.0-strings.patch | 26 -
 app-emulation/qemu/qemu-7.1.0-r2.ebuild | 967 --------------------
 app-emulation/qemu/qemu-7.1.0.ebuild | 985 ---------------------
 7 files changed, 2250 deletions(-)
Thanks!
All vulnerable versions are gone.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1baff7cf9283037d49a3b562d771e3cf77039bfa

commit 1baff7cf9283037d49a3b562d771e3cf77039bfa
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-09 09:49:28 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-09 09:49:35 +0000

    [ GLSA 202408-18 ] QEMU: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/857657
    Bug: https://bugs.gentoo.org/865121
    Bug: https://bugs.gentoo.org/883693
    Bug: https://bugs.gentoo.org/909542
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-18.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)