qemu-kvm-7.2.0-14.el9

エラータID: AXSA:2023-5713:03

Release date: 
Wednesday, May 31, 2023 - 20:41
Subject: 
qemu-kvm-7.2.0-14.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version: qemu-kvm (7.2.0).

Security Fix(es):

* QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion (CVE-2022-3165)
* QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record (CVE-2022-4172)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-4172
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Solution: 

Update packages.

CVEs: 
CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-4172
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
Additional Info: 

N/A

Download: 

SRPMS
  1. qemu-kvm-7.2.0-14.el9.src.rpm
    MD5: 8db63b9be4bb3ac4b71475c9f75f7a2b
    SHA-256: 17ec43d472a381fda13aa4e2aab4c6e3b7855b62ca3c5e9338f0b60f656fc32c
    Size: 117.12 MB

Asianux Server 9 for x86_64
  1. qemu-guest-agent-7.2.0-14.el9.x86_64.rpm
    MD5: eeb3df862155b3237a4fe3a49ebb12be
    SHA-256: 593c416f12ac0074719a806460822567bc68a2294611e775947f8bbdff44487d
    Size: 459.29 kB
  2. qemu-img-7.2.0-14.el9.x86_64.rpm
    MD5: aa44db819982d392690dd489a2d6afd2
    SHA-256: 41f86520a920c435cf549fe10c403a6944ce9e12d667855319dd26280055ac24
    Size: 2.26 MB
  3. qemu-kvm-7.2.0-14.el9.x86_64.rpm
    MD5: ad35972ec59e077b7a79b5146959c361
    SHA-256: 9d5abc87777dddea42518996ff8c6a35c479b69800c90bf0a9f025d7206d0e7a
    Size: 60.56 kB
  4. qemu-kvm-audio-pa-7.2.0-14.el9.x86_64.rpm
    MD5: 30d798c32bd286aff5254fde718e475f
    SHA-256: 769ec66cef4092a35048fc47e31e5aabc866cc1af357caf5b0f76551b71d27da
    Size: 69.79 kB
  5. qemu-kvm-block-curl-7.2.0-14.el9.x86_64.rpm
    MD5: 08bb38d9fab8a77db90db38933b66024
    SHA-256: 7c7d2819f9629fcf21234f9d7e3a8901edfb601f2c5cd358c12e714e16d8953a
    Size: 72.12 kB
  6. qemu-kvm-block-rbd-7.2.0-14.el9.x86_64.rpm
    MD5: 8a0830cbfd2275e299eb971bbabf2bcc
    SHA-256: 18e9d9a66430cf2b549aa5499c45a3ee8ddaf3d65dbbe22901c715d3592499b8
    Size: 75.19 kB
  7. qemu-kvm-common-7.2.0-14.el9.x86_64.rpm
    MD5: e993fef8da336abcb3776506f77c4836
    SHA-256: db89ce2502a124ad99691e0f8a062fa1ba1b6c446ca8c97d85bcd9f8d76d474b
    Size: 633.67 kB
  8. qemu-kvm-core-7.2.0-14.el9.x86_64.rpm
    MD5: 310c3f225bec8f4286d1c8804cf211ee
    SHA-256: 6186a1b614959bfbc58d5ea3e661b0c310ddc9ee8b0a1fe1e5ab3ccf9b7eb06f
    Size: 3.96 MB
  9. qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9.x86_64.rpm
    MD5: f7a8935b135308b4cdc7913be80f6961
    SHA-256: 5b285120220a62d3d01dc5b0bf21360db1a44378259ac56c225dfda9ed8ced84
    Size: 79.84 kB
  10. qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9.x86_64.rpm
    MD5: f828c88343099ec07aa5b7f930b671b4
    SHA-256: a98921f5f48997ae06fb02bad997bec959fa0d3ee7f1049736c4cc7f14c41c15
    Size: 64.72 kB
  11. qemu-kvm-device-display-virtio-vga-7.2.0-14.el9.x86_64.rpm
    MD5: ef99b467dace11df117f8a60c57f26c3
    SHA-256: 0bc5e115e5e672cd37516c5ddf627e62e885080d8fe213d3a0ceddc08461dd27
    Size: 66.11 kB
  12. qemu-kvm-device-usb-host-7.2.0-14.el9.x86_64.rpm
    MD5: 87a260961b25725e0686b11a6ab43301
    SHA-256: 5a1b185369b5994759c7de72262f6119f7289c8583669acfde6fe3007b3b3c47
    Size: 79.26 kB
  13. qemu-kvm-device-usb-redirect-7.2.0-14.el9.x86_64.rpm
    MD5: 1195c923acf8342003b2173a77ca0f1c
    SHA-256: c89b3cac32cbcd026f189d397467960a940fa86fe235562f8b3fa36b50cc7e3d
    Size: 84.12 kB
  14. qemu-kvm-docs-7.2.0-14.el9.x86_64.rpm
    MD5: b810026fd68d43662289e2c32f9130e8
    SHA-256: bdbb390edb2568c326df2a6e6e3bae7e6c80a7ec41e1f2843327073cc7e9d09a
    Size: 1.09 MB
  15. qemu-kvm-tools-7.2.0-14.el9.x86_64.rpm
    MD5: 48d56e473efe7579bb469af389aa08a3
    SHA-256: d3e4dcb787753290ba08d7ce44daef6f6970a554846660f3f7e5722e40ad60ad
    Size: 528.55 kB
  16. qemu-kvm-ui-egl-headless-7.2.0-14.el9.x86_64.rpm
    MD5: 6f38a9b02757bc2694f21507d1bb35ad
    SHA-256: ee22dce3456472c0f3bcd7600e97c58be5500d514f06f59c8b02747159dee5d7
    Size: 65.61 kB
  17. qemu-kvm-ui-opengl-7.2.0-14.el9.x86_64.rpm
    MD5: 0be576a6f2eb5acfd2e2f607ac974d26
    SHA-256: f4ba40d4e5fc041f554559b438e386ec27244a35ead74c8022ca8fe5fbcc63b3
    Size: 71.21 kB
  18. qemu-pr-helper-7.2.0-14.el9.x86_64.rpm
    MD5: 3c25c256c4b7297694bf804e5a9af27e
    SHA-256: 5a31e061d29e3deeb2084177b2a537b75ae06aa8fdfbd1a8d4e38e2ed67bf8b3
    Size: 470.64 kB