RedHat has issued these numerous CVEs for QEMu despite their not making the CVEs public.
CVE-2021-3750 (https://gitlab.com/qemu-project/qemu/-/issues/556): https://bugzilla.redhat.com/show_bug.cgi?id=1999073 https://gitlab.com/qemu-project/qemu/-/issues/541 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb5b77a6df5abbc85fbb62bd57a1465ec7a7b4b commit adb5b77a6df5abbc85fbb62bd57a1465ec7a7b4b Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-05-19 17:25:33 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-05-22 15:59:11 +0000 app-emulation/qemu: drop 6.2.0, 6.2.0-r3, 6.2.0-r4, 7.0.0_rc4 Closes: https://bugs.gentoo.org/831046 Bug: https://bugs.gentoo.org/839762 Signed-off-by: John Helmert III <ajak@gentoo.org> app-emulation/qemu/Manifest | 2 - ...qemu-6.2.0-also-build-virtfs-proxy-helper.patch | 34 - ...u-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch | 61 -- .../qemu/files/qemu-6.2.0-user-SLIC-crash.patch | 173 ---- app-emulation/qemu/metadata.xml | 2 - app-emulation/qemu/qemu-6.2.0-r3.ebuild | 924 -------------------- app-emulation/qemu/qemu-6.2.0-r4.ebuild | 925 --------------------- app-emulation/qemu/qemu-6.2.0.ebuild | 913 -------------------- app-emulation/qemu/qemu-7.0.0_rc4.ebuild | 914 -------------------- 9 files changed, 3948 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac commit fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 16:09:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 16:09:43 +0000 [ GLSA 202208-27 ] QEMU: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/733448 Bug: https://bugs.gentoo.org/736605 Bug: https://bugs.gentoo.org/773220 Bug: https://bugs.gentoo.org/775713 Bug: https://bugs.gentoo.org/780816 Bug: https://bugs.gentoo.org/792624 Bug: https://bugs.gentoo.org/807055 Bug: https://bugs.gentoo.org/810544 Bug: https://bugs.gentoo.org/820743 Bug: https://bugs.gentoo.org/835607 Bug: https://bugs.gentoo.org/839762 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-27.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+)
GLSA done, all done.
