Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0930-1 Final 1 1 2022-03-22T08:22:59Z current 2022-03-22T08:22:59Z 2022-03-22T08:22:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161). - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525). Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737). - Included vmxcap in the qemu-tools package (bsc#1193364). - Fixed package dependencies (bsc#1196087). - Fixed an issue were PowerPC firmwares would not be built for non-PowerPC builds (bsc#1193545). - Fixed multiple issues in I/O (bsc#1178049 bsc#1194938). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2022-930 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VFLDWSRMX7BN3NXC6GXAFPJLCC5D5KIJ/ E-Mail link for openSUSE-SU-2022:0930-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178049 SUSE Bug 1178049 https://bugzilla.suse.com/1192525 SUSE Bug 1192525 https://bugzilla.suse.com/1193364 SUSE Bug 1193364 https://bugzilla.suse.com/1193545 SUSE Bug 1193545 https://bugzilla.suse.com/1194938 SUSE Bug 1194938 https://bugzilla.suse.com/1195161 SUSE Bug 1195161 https://bugzilla.suse.com/1196087 SUSE Bug 1196087 https://bugzilla.suse.com/1196737 SUSE Bug 1196737 https://www.suse.com/security/cve/CVE-2021-3930/ SUSE CVE CVE-2021-3930 page https://www.suse.com/security/cve/CVE-2022-0358/ SUSE CVE CVE-2022-0358 page openSUSE Leap 15.3 qemu-5.2.0-150300.112.4 qemu-SLOF-5.2.0-150300.112.4 qemu-arm-5.2.0-150300.112.4 qemu-audio-alsa-5.2.0-150300.112.4 qemu-audio-pa-5.2.0-150300.112.4 qemu-audio-spice-5.2.0-150300.112.4 qemu-block-curl-5.2.0-150300.112.4 qemu-block-dmg-5.2.0-150300.112.4 qemu-block-gluster-5.2.0-150300.112.4 qemu-block-iscsi-5.2.0-150300.112.4 qemu-block-nfs-5.2.0-150300.112.4 qemu-block-rbd-5.2.0-150300.112.4 qemu-block-ssh-5.2.0-150300.112.4 qemu-chardev-baum-5.2.0-150300.112.4 qemu-chardev-spice-5.2.0-150300.112.4 qemu-extra-5.2.0-150300.112.4 qemu-guest-agent-5.2.0-150300.112.4 qemu-hw-display-qxl-5.2.0-150300.112.4 qemu-hw-display-virtio-gpu-5.2.0-150300.112.4 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.112.4 qemu-hw-display-virtio-vga-5.2.0-150300.112.4 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.112.4 qemu-hw-usb-redirect-5.2.0-150300.112.4 qemu-hw-usb-smartcard-5.2.0-150300.112.4 qemu-ipxe-1.0.0+-150300.112.4 qemu-ivshmem-tools-5.2.0-150300.112.4 qemu-ksm-5.2.0-150300.112.4 qemu-kvm-5.2.0-150300.112.4 qemu-lang-5.2.0-150300.112.4 qemu-linux-user-5.2.0-150300.112.3 qemu-microvm-5.2.0-150300.112.4 qemu-ppc-5.2.0-150300.112.4 qemu-s390x-5.2.0-150300.112.4 qemu-seabios-1.14.0_0_g155821a-150300.112.4 qemu-sgabios-8-150300.112.4 qemu-skiboot-5.2.0-150300.112.4 qemu-testsuite-5.2.0-150300.112.7 qemu-tools-5.2.0-150300.112.4 qemu-ui-curses-5.2.0-150300.112.4 qemu-ui-gtk-5.2.0-150300.112.4 qemu-ui-opengl-5.2.0-150300.112.4 qemu-ui-spice-app-5.2.0-150300.112.4 qemu-ui-spice-core-5.2.0-150300.112.4 qemu-vgabios-1.14.0_0_g155821a-150300.112.4 qemu-vhost-user-gpu-5.2.0-150300.112.4 qemu-x86-5.2.0-150300.112.4 qemu-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-SLOF-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-arm-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-audio-alsa-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-audio-pa-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-audio-spice-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-curl-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-dmg-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-gluster-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-iscsi-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-nfs-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-rbd-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-block-ssh-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-chardev-baum-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-chardev-spice-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-extra-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-guest-agent-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-display-qxl-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-display-virtio-gpu-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-display-virtio-vga-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-usb-redirect-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-hw-usb-smartcard-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ipxe-1.0.0+-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ivshmem-tools-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ksm-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-kvm-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-lang-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-linux-user-5.2.0-150300.112.3 as a component of openSUSE Leap 15.3 qemu-microvm-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ppc-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-s390x-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-seabios-1.14.0_0_g155821a-150300.112.4 as a component of openSUSE Leap 15.3 qemu-sgabios-8-150300.112.4 as a component of openSUSE Leap 15.3 qemu-skiboot-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-testsuite-5.2.0-150300.112.7 as a component of openSUSE Leap 15.3 qemu-tools-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ui-curses-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ui-gtk-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ui-opengl-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ui-spice-app-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-ui-spice-core-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-vgabios-1.14.0_0_g155821a-150300.112.4 as a component of openSUSE Leap 15.3 qemu-vhost-user-gpu-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 qemu-x86-5.2.0-150300.112.4 as a component of openSUSE Leap 15.3 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. CVE-2021-3930 openSUSE Leap 15.3:qemu-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-SLOF-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-arm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-audio-alsa-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-audio-pa-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-audio-spice-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-curl-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-dmg-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-gluster-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-iscsi-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-nfs-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-rbd-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-ssh-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-chardev-baum-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-chardev-spice-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-extra-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-guest-agent-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-qxl-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-virtio-gpu-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-virtio-gpu-pci-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-virtio-vga-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-usb-redirect-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-usb-smartcard-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ipxe-1.0.0+-150300.112.4 openSUSE Leap 15.3:qemu-ivshmem-tools-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ksm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-kvm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-lang-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-linux-user-5.2.0-150300.112.3 openSUSE Leap 15.3:qemu-microvm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ppc-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-s390x-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-seabios-1.14.0_0_g155821a-150300.112.4 openSUSE Leap 15.3:qemu-sgabios-8-150300.112.4 openSUSE Leap 15.3:qemu-skiboot-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-testsuite-5.2.0-150300.112.7 openSUSE Leap 15.3:qemu-tools-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-curses-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-gtk-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-opengl-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-spice-app-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-spice-core-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-vgabios-1.14.0_0_g155821a-150300.112.4 openSUSE Leap 15.3:qemu-vhost-user-gpu-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-x86-5.2.0-150300.112.4 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VFLDWSRMX7BN3NXC6GXAFPJLCC5D5KIJ/ https://www.suse.com/security/cve/CVE-2021-3930.html CVE-2021-3930 https://bugzilla.suse.com/1192525 SUSE Bug 1192525 https://bugzilla.suse.com/1192526 SUSE Bug 1192526 A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. CVE-2022-0358 openSUSE Leap 15.3:qemu-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-SLOF-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-arm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-audio-alsa-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-audio-pa-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-audio-spice-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-curl-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-dmg-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-gluster-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-iscsi-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-nfs-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-rbd-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-block-ssh-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-chardev-baum-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-chardev-spice-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-extra-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-guest-agent-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-qxl-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-virtio-gpu-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-virtio-gpu-pci-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-display-virtio-vga-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-usb-redirect-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-hw-usb-smartcard-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ipxe-1.0.0+-150300.112.4 openSUSE Leap 15.3:qemu-ivshmem-tools-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ksm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-kvm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-lang-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-linux-user-5.2.0-150300.112.3 openSUSE Leap 15.3:qemu-microvm-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ppc-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-s390x-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-seabios-1.14.0_0_g155821a-150300.112.4 openSUSE Leap 15.3:qemu-sgabios-8-150300.112.4 openSUSE Leap 15.3:qemu-skiboot-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-testsuite-5.2.0-150300.112.7 openSUSE Leap 15.3:qemu-tools-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-curses-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-gtk-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-opengl-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-spice-app-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-ui-spice-core-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-vgabios-1.14.0_0_g155821a-150300.112.4 openSUSE Leap 15.3:qemu-vhost-user-gpu-5.2.0-150300.112.4 openSUSE Leap 15.3:qemu-x86-5.2.0-150300.112.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VFLDWSRMX7BN3NXC6GXAFPJLCC5D5KIJ/ https://www.suse.com/security/cve/CVE-2022-0358.html CVE-2022-0358 https://bugzilla.suse.com/1195161 SUSE Bug 1195161