CVE-2021-3409 (https://www.openwall.com/lists/oss-security/2021/03/09/1):

QEMU upstream commit [1] was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the SDHCI controller emulation code. In fact, commit [1] turned out to be incomplete, in that it was still possible to reproduce the same issue(s) with specially crafted input, inducing a bogus transfer and subsequent out-of-bounds read/write access in sdhci_do_adma() or sdhci_sdma_transfer_multi_blocks().

Old patch:
[1] https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3

New patch series:
https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html

CVE-2021-20263 (https://www.openwall.com/lists/oss-security/2021/03/08/1):

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Virtio-fs is meant to share a host file system directory with a guest virtual machine. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg01244.html

Both patchsets seem to be unmerged.
The second patch is applied; the first patch series is not yet in the upstream main git branch.
Package list is empty or all packages have requested keywords.
Everything seems to be in 6.0.0
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac

commit fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 16:09:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 16:09:43 +0000

    [ GLSA 202208-27 ] QEMU: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/733448
    Bug: https://bugs.gentoo.org/736605
    Bug: https://bugs.gentoo.org/773220
    Bug: https://bugs.gentoo.org/775713
    Bug: https://bugs.gentoo.org/780816
    Bug: https://bugs.gentoo.org/792624
    Bug: https://bugs.gentoo.org/807055
    Bug: https://bugs.gentoo.org/810544
    Bug: https://bugs.gentoo.org/820743
    Bug: https://bugs.gentoo.org/835607
    Bug: https://bugs.gentoo.org/839762
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-27.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
GLSA done, all done.