Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1664-1 Final 1 1 2020-10-12T22:21:35Z current 2020-10-12T22:21:35Z 2020-10-12T22:21:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1664 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVFXHYA5K5PLF3ZBKNJIJ5BFDWNHLJZM/ E-Mail link for openSUSE-SU-2020:1664-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174386 SUSE Bug 1174386 https://bugzilla.suse.com/1174641 SUSE Bug 1174641 https://bugzilla.suse.com/1174863 SUSE Bug 1174863 https://bugzilla.suse.com/1175370 SUSE Bug 1175370 https://bugzilla.suse.com/1175441 SUSE Bug 1175441 https://bugzilla.suse.com/1176494 SUSE Bug 1176494 https://www.suse.com/security/cve/CVE-2020-14364/ SUSE CVE CVE-2020-14364 page https://www.suse.com/security/cve/CVE-2020-15863/ SUSE CVE CVE-2020-15863 page https://www.suse.com/security/cve/CVE-2020-16092/ SUSE CVE CVE-2020-16092 page https://www.suse.com/security/cve/CVE-2020-24352/ SUSE CVE CVE-2020-24352 page openSUSE Leap 15.2 qemu-4.2.1-lp152.9.6.1 qemu-arm-4.2.1-lp152.9.6.1 qemu-audio-alsa-4.2.1-lp152.9.6.1 qemu-audio-pa-4.2.1-lp152.9.6.1 qemu-audio-sdl-4.2.1-lp152.9.6.1 qemu-block-curl-4.2.1-lp152.9.6.1 qemu-block-dmg-4.2.1-lp152.9.6.1 qemu-block-gluster-4.2.1-lp152.9.6.1 qemu-block-iscsi-4.2.1-lp152.9.6.1 qemu-block-nfs-4.2.1-lp152.9.6.1 qemu-block-rbd-4.2.1-lp152.9.6.1 qemu-block-ssh-4.2.1-lp152.9.6.1 qemu-extra-4.2.1-lp152.9.6.1 qemu-guest-agent-4.2.1-lp152.9.6.1 qemu-ipxe-1.0.0+-lp152.9.6.1 qemu-ksm-4.2.1-lp152.9.6.1 qemu-kvm-4.2.1-lp152.9.6.1 qemu-lang-4.2.1-lp152.9.6.1 qemu-linux-user-4.2.1-lp152.9.6.1 qemu-microvm-4.2.1-lp152.9.6.1 qemu-ppc-4.2.1-lp152.9.6.1 qemu-s390-4.2.1-lp152.9.6.1 qemu-seabios-1.12.1+-lp152.9.6.1 qemu-sgabios-8-lp152.9.6.1 qemu-testsuite-4.2.1-lp152.9.6.1 qemu-tools-4.2.1-lp152.9.6.1 qemu-ui-curses-4.2.1-lp152.9.6.1 qemu-ui-gtk-4.2.1-lp152.9.6.1 qemu-ui-sdl-4.2.1-lp152.9.6.1 qemu-ui-spice-app-4.2.1-lp152.9.6.1 qemu-vgabios-1.12.1+-lp152.9.6.1 qemu-vhost-user-gpu-4.2.1-lp152.9.6.1 qemu-x86-4.2.1-lp152.9.6.1 qemu-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-arm-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-audio-alsa-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-audio-pa-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-audio-sdl-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-curl-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-dmg-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-gluster-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-iscsi-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-nfs-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-rbd-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-block-ssh-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-extra-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-guest-agent-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ipxe-1.0.0+-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ksm-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-kvm-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-lang-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-linux-user-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-microvm-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ppc-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-s390-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-seabios-1.12.1+-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-sgabios-8-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-testsuite-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-tools-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ui-curses-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ui-gtk-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ui-sdl-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-ui-spice-app-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-vgabios-1.12.1+-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-vhost-user-gpu-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 qemu-x86-4.2.1-lp152.9.6.1 as a component of openSUSE Leap 15.2 An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. CVE-2020-14364 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.6.1 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.6.1 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.6.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVFXHYA5K5PLF3ZBKNJIJ5BFDWNHLJZM/ https://www.suse.com/security/cve/CVE-2020-14364.html CVE-2020-14364 https://bugzilla.suse.com/1175441 SUSE Bug 1175441 https://bugzilla.suse.com/1175534 SUSE Bug 1175534 https://bugzilla.suse.com/1176494 SUSE Bug 1176494 https://bugzilla.suse.com/1177130 SUSE Bug 1177130 hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. CVE-2020-15863 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.6.1 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.6.1 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.6.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVFXHYA5K5PLF3ZBKNJIJ5BFDWNHLJZM/ https://www.suse.com/security/cve/CVE-2020-15863.html CVE-2020-15863 https://bugzilla.suse.com/1174386 SUSE Bug 1174386 In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. CVE-2020-16092 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.6.1 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.6.1 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.6.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVFXHYA5K5PLF3ZBKNJIJ5BFDWNHLJZM/ https://www.suse.com/security/cve/CVE-2020-16092.html CVE-2020-16092 https://bugzilla.suse.com/1174641 SUSE Bug 1174641 An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. CVE-2020-24352 openSUSE Leap 15.2:qemu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.6.1 openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.6.1 openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.6.1 openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.6.1 openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.6.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVFXHYA5K5PLF3ZBKNJIJ5BFDWNHLJZM/ https://www.suse.com/security/cve/CVE-2020-24352.html CVE-2020-24352 https://bugzilla.suse.com/1175370 SUSE Bug 1175370 https://bugzilla.suse.com/1188609 SUSE Bug 1188609