qemu-kvm-7.0.0-13.el9

Errata ID: AXSA:2023-4972:01

Release date: Monday, February 6, 2023 - 04:47
Subject: qemu-kvm-7.0.0-13.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0).

Security Fix(es):

* QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)
* QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)
* QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)
* QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3507
A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a denial of service, or to potentially leak information from host memory.
CVE-2021-3611
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
CVE-2021-3750
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
CVE-2021-4158
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
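
The check that the CVE-2021-3750 description says EHCI lacks, as an added example (not QEMU's code and not the upstream fix): a C routine that rejects any DMA segment overlapping a device's own MMIO window before data is copied, including segments whose end address wraps. The `mmio_region` and `dma_segment` types, the function names and all addresses are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types: a device's register window and one DMA segment. */
typedef struct { uint64_t base, size; } mmio_region;
typedef struct { uint64_t addr, len; } dma_segment;

/* True when [addr, addr+len) intersects the MMIO window. A segment whose
 * end wraps past 2^64 is reported as overlapping so the caller rejects it. */
bool dma_hits_mmio(const mmio_region *r, uint64_t addr, uint64_t len)
{
    if (len == 0 || r->size == 0)
        return false;
    if (addr > UINT64_MAX - len)
        return true;
    uint64_t r_end = (r->base > UINT64_MAX - r->size)
                         ? UINT64_MAX : r->base + r->size;
    return addr < r_end && r->base < addr + len;
}

/* Validate every segment before any byte is copied; returns the index of
 * the first segment that would write into the device itself, or -1. */
int first_unsafe_segment(const mmio_region *r, const dma_segment *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (dma_hits_mmio(r, s[i].addr, s[i].len))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real guest. */
    mmio_region ehci = { 0xfebf0000ULL, 0x1000 };
    dma_segment segs[] = {
        { 0x00100000ULL, 0x1000 },   /* ordinary guest RAM */
        { 0xfebf0ffcULL, 8 },        /* straddles the last register word */
        { 0x00200000ULL, 16 },
    };
    int bad = first_unsafe_segment(&ehci, segs, 3);
    printf("first unsafe segment: %d\n", bad);
    return bad == 1 ? 0 : 1;
}
```

Checking all segments up front matters here because a write that lands on the controller's registers mid-transfer is what lets the device be reset while it is still in use.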

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. qemu-kvm-7.0.0-13.el9.src.rpm
    Size: 119.72 MB

Asianux Server 9 for x86_64
  1. qemu-guest-agent-7.0.0-13.el9.x86_64.rpm
    Size: 444.82 kB
  2. qemu-img-7.0.0-13.el9.x86_64.rpm
    Size: 2.20 MB
  3. qemu-kvm-7.0.0-13.el9.x86_64.rpm
    Size: 66.96 kB
  4. qemu-kvm-audio-pa-7.0.0-13.el9.x86_64.rpm
    Size: 76.00 kB
  5. qemu-kvm-block-curl-7.0.0-13.el9.x86_64.rpm
    Size: 78.31 kB
  6. qemu-kvm-block-rbd-7.0.0-13.el9.x86_64.rpm
    Size: 81.22 kB
  7. qemu-kvm-common-7.0.0-13.el9.x86_64.rpm
    Size: 648.64 kB
  8. qemu-kvm-core-7.0.0-13.el9.x86_64.rpm
    Size: 4.02 MB
  9. qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.x86_64.rpm
    Size: 86.22 kB
  10. qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.x86_64.rpm
    Size: 69.53 kB
  11. qemu-kvm-device-display-virtio-gpu-pci-7.0.0-13.el9.x86_64.rpm
    Size: 70.87 kB
  12. qemu-kvm-device-display-virtio-gpu-pci-gl-7.0.0-13.el9.x86_64.rpm
    Size: 69.56 kB
  13. qemu-kvm-device-display-virtio-vga-7.0.0-13.el9.x86_64.rpm
    Size: 72.04 kB
  14. qemu-kvm-device-display-virtio-vga-gl-7.0.0-13.el9.x86_64.rpm
    Size: 69.53 kB
  15. qemu-kvm-device-usb-host-7.0.0-13.el9.x86_64.rpm
    Size: 85.15 kB
  16. qemu-kvm-device-usb-redirect-7.0.0-13.el9.x86_64.rpm
    Size: 90.40 kB
  17. qemu-kvm-docs-7.0.0-13.el9.x86_64.rpm
    Size: 1.03 MB
  18. qemu-kvm-tools-7.0.0-13.el9.x86_64.rpm
    Size: 560.55 kB
  19. qemu-kvm-ui-egl-headless-7.0.0-13.el9.x86_64.rpm
    Size: 71.83 kB
  20. qemu-kvm-ui-opengl-7.0.0-13.el9.x86_64.rpm
    Size: 77.45 kB
  21. qemu-pr-helper-7.0.0-13.el9.x86_64.rpm
    Size: 464.50 kB