Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3611 (GCVE-0-2021-3611)
Vulnerability from cvelistv5 – Published: 2022-05-11 15:23 – Updated: 2024-08-03 17:01
VLAI?
EPSS
Summary
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Severity ?
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1973784 | x_refsource_MISC |
| https://gitlab.com/qemu-project/qemu/-/issues/542 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022062… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QEMU versions prior to 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:10:47.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3611",
"datePublished": "2022-05-11T15:23:00.000Z",
"dateReserved": "2021-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-3611",
"date": "2026-05-25",
"epss": "0.00029",
"percentile": "0.08673"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0.0\", \"matchCriteriaId\": \"9D977C76-0598-40D0-BF46-0D987515764C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*\", \"matchCriteriaId\": \"3AA08768-75AF-4791-B229-AE938C780959\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. Un invitado malicioso podr\\u00eda usar este defecto para bloquear el proceso de QEMU en el host, resultando en una condici\\u00f3n de denegaci\\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este fallo afecta a las versiones de QEMU anteriores a 7.0.0\"}]",
"id": "CVE-2021-3611",
"lastModified": "2024-11-21T06:21:58.563",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-05-11T16:15:08.710",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1973784\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/qemu-project/qemu/-/issues/542\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-27\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0001/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1973784\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/qemu-project/qemu/-/issues/542\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3611\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-05-11T16:15:08.710\",\"lastModified\":\"2024-11-21T06:21:58.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. Un invitado malicioso podr\u00eda usar este defecto para bloquear el proceso de QEMU en el host, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este fallo afecta a las versiones de QEMU anteriores a 7.0.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0\",\"matchCriteriaId\":\"9D977C76-0598-40D0-BF46-0D987515764C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*\",\"matchCriteriaId\":\"3AA08768-75AF-4791-B229-AE938C780959\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1973784\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/qemu-project/qemu/-/issues/542\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-27\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220624-0001/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1973784\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/qemu-project/qemu/-/issues/542\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220624-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2024-AVI-0619
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | CF Deployment versions antérieures à 37.5.0 | ||
| VMware | N/A | VMware Tanzu Application Service for VMs versions 5.x antérieures à 5.0.8 | ||
| VMware | N/A | VMware Tanzu Application Service for VMs versions antérieures à 4.0.18+LTS-T | ||
| VMware | N/A | Isolation Segment versions 5.x antérieures à 5.0.8 | ||
| VMware | N/A | Isolation Segment versions antérieures à 4.0.18+LTS-T | ||
| VMware | N/A | Jammy Stemcells versions antérieures à 1.327 | ||
| VMware | N/A | Cflinuxfs4 versions antérieures à 1.69.0 | ||
| VMware | N/A | Operations Manager versions antérieures à 3.0.23+LTS-T |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CF Deployment versions ant\u00e9rieures \u00e0 37.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 5.x ant\u00e9rieures \u00e0 5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions ant\u00e9rieures \u00e0 4.0.18+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 5.x ant\u00e9rieures \u00e0 5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions ant\u00e9rieures \u00e0 4.0.18+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Jammy Stemcells versions ant\u00e9rieures \u00e0 1.327",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cflinuxfs4 versions ant\u00e9rieures \u00e0 1.69.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions ant\u00e9rieures \u00e0 3.0.23+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2023-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1544"
},
{
"name": "CVE-2023-40360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40360"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2023-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4135"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2022-4285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4285"
},
{
"name": "CVE-2023-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
},
{
"name": "CVE-2021-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3611"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2021-46174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46174"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2023-3180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3180"
},
{
"name": "CVE-2022-35205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35205"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2020-14394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14394"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2022-47015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47015"
},
{
"name": "CVE-2020-24165",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24165"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2020-19726",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19726"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2023-2861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
},
{
"name": "CVE-2018-17095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17095"
},
{
"name": "CVE-2021-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2023-3301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
},
{
"name": "CVE-2023-3354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3354"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2022-45703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45703"
},
{
"name": "CVE-2023-5088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
},
{
"name": "CVE-2023-42467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0619",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24798",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24798"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24805",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24805"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24799",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24799"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24808",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24808"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24807",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24807"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24810",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24810"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24809",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24809"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24804",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24804"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24806",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24806"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24795",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24795"
}
]
}
CERTFR-2024-AVI-0619
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | CF Deployment versions antérieures à 37.5.0 | ||
| VMware | N/A | VMware Tanzu Application Service for VMs versions 5.x antérieures à 5.0.8 | ||
| VMware | N/A | VMware Tanzu Application Service for VMs versions antérieures à 4.0.18+LTS-T | ||
| VMware | N/A | Isolation Segment versions 5.x antérieures à 5.0.8 | ||
| VMware | N/A | Isolation Segment versions antérieures à 4.0.18+LTS-T | ||
| VMware | N/A | Jammy Stemcells versions antérieures à 1.327 | ||
| VMware | N/A | Cflinuxfs4 versions antérieures à 1.69.0 | ||
| VMware | N/A | Operations Manager versions antérieures à 3.0.23+LTS-T |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CF Deployment versions ant\u00e9rieures \u00e0 37.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 5.x ant\u00e9rieures \u00e0 5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions ant\u00e9rieures \u00e0 4.0.18+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 5.x ant\u00e9rieures \u00e0 5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions ant\u00e9rieures \u00e0 4.0.18+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Jammy Stemcells versions ant\u00e9rieures \u00e0 1.327",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cflinuxfs4 versions ant\u00e9rieures \u00e0 1.69.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions ant\u00e9rieures \u00e0 3.0.23+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2023-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1544"
},
{
"name": "CVE-2023-40360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40360"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2023-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4135"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2022-4285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4285"
},
{
"name": "CVE-2023-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
},
{
"name": "CVE-2021-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3611"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2021-46174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46174"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2023-3180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3180"
},
{
"name": "CVE-2022-35205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35205"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2020-14394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14394"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2022-47015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47015"
},
{
"name": "CVE-2020-24165",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24165"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2020-19726",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19726"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2023-2861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
},
{
"name": "CVE-2018-17095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17095"
},
{
"name": "CVE-2021-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2023-3301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
},
{
"name": "CVE-2023-3354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3354"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2022-45703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45703"
},
{
"name": "CVE-2023-5088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
},
{
"name": "CVE-2023-42467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0619",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24798",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24798"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24805",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24805"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24799",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24799"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24808",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24808"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24807",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24807"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24810",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24810"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24809",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24809"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24804",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24804"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24806",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24806"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24795",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24795"
}
]
}
alsa-2022:7967
Vulnerability from osv_almalinux
Published
2022-11-15 00:00
Modified
2022-11-18 05:35
Summary
Moderate: qemu-kvm security, bug fix, and enhancement update
Details
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757)
Security Fix(es):
- QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)
- QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)
- QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)
- QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-guest-agent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-img"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-audio-pa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-block-curl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-block-rbd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-gpu-ccw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-gpu-gl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-gpu-pci"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-gpu-pci-gl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-vga"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-display-virtio-vga-gl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-usb-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-device-usb-redirect"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-ui-egl-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-kvm-ui-opengl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "qemu-pr-helper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17:7.0.0-13.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nThe following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757)\n\nSecurity Fix(es):\n\n* QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)\n* QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)\n* QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)\n* QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:7967",
"modified": "2022-11-18T05:35:34Z",
"published": "2022-11-15T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7967"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3507"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3611"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3750"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-4158"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1951118"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1973784"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1999073"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2035002"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-7967.html"
}
],
"related": [
"CVE-2021-3750",
"CVE-2021-3507",
"CVE-2021-3611",
"CVE-2021-4158"
],
"summary": "Moderate: qemu-kvm security, bug fix, and enhancement update"
}
BDU:2022-05645
Vulnerability from fstec - Published: 01.05.2022
VLAI Severity ?
Title
Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость эмулятора аппаратного обеспечения QEMU связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Red Hat Inc., Fabrice Bellard, АО "НППКТ", АО «ИВК»
Software Name
Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, QEMU, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), АЛЬТ СП 10
Software Version
10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 8 Advanced Virtualization (Red Hat Enterprise Linux), 9 (Red Hat Enterprise Linux), до 7.0.0 (QEMU), 4.7 (Astra Linux Special Edition), до 2.6 (ОСОН ОСнова Оnyx), - (АЛЬТ СП 10)
Possible Mitigations
Использование рекомендаций:
Для QEMU:
https://gitlab.com/qemu-project/qemu/-/issues/542
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2021-3611
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2021-3611
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения qemu до версии 1:7.1+dfsg-2~bpo11+2osnova0
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://gitlab.com/qemu-project/qemu/-/issues/542
https://security-tracker.debian.org/tracker/CVE-2021-3611
https://access.redhat.com/security/cve/CVE-2021-3611
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/
https://altsp.su/obnovleniya-bezopasnosti/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-119, CWE-787
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Fabrice Bellard, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 8 Advanced Virtualization (Red Hat Enterprise Linux), 9 (Red Hat Enterprise Linux), \u0434\u043e 7.0.0 (QEMU), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f QEMU:\nhttps://gitlab.com/qemu-project/qemu/-/issues/542\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-3611\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-3611\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qemu \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:7.1+dfsg-2~bpo11+2osnova0\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.05.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05645",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-3611",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, QEMU, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041b\u042c\u0422 \u0421\u041f 10",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 Advanced Virtualization , Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://gitlab.com/qemu-project/qemu/-/issues/542\nhttps://security-tracker.debian.org/tracker/CVE-2021-3611\nhttps://access.redhat.com/security/cve/CVE-2021-3611\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
CNVD-2022-43227
Vulnerability from cnvd - Published: 2022-06-02
VLAI Severity ?
Title
QEMU缓冲区溢出漏洞(CNVD-2022-43227)
Description
QEMU(Quick Emulator)是法国法布里斯-贝拉(Fabrice Bellard)个人开发者的一套模拟处理器软件。该软件具有速度快、跨平台等特点。
QEMU 7.0.0之前版本存在缓冲区溢出漏洞,该漏洞源于QEMU 的 Intel HD Audio设备 (intel-hda)中存在缓冲区溢出问题。攻击者可以利用该漏洞使主机上的QEMU进程崩溃,从而导致拒绝服务。
Severity
低
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://gitlab.com/qemu-project/qemu/-/issues/542
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-3611
Impacted products
| Name | Qemu QEMU <7.0.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-3611",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3611"
}
},
"description": "QEMU\uff08Quick Emulator\uff09\u662f\u6cd5\u56fd\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\n\nQEMU 7.0.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eQEMU \u7684 Intel HD Audio\u8bbe\u5907 (intel-hda)\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u95ee\u9898\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u4e3b\u673a\u4e0a\u7684QEMU\u8fdb\u7a0b\u5d29\u6e83\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://gitlab.com/qemu-project/qemu/-/issues/542",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-43227",
"openTime": "2022-06-02",
"products": {
"product": "Qemu QEMU \u003c7.0.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3611",
"serverity": "\u4f4e",
"submitTime": "2022-05-30",
"title": "QEMU\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-43227\uff09"
}
FKIE_CVE-2021-3611
Vulnerability from fkie_nvd - Published: 2022-05-11 16:15 - Updated: 2024-11-21 06:21
Severity ?
Summary
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1973784 | Issue Tracking, Mitigation, Third Party Advisory | |
| secalert@redhat.com | https://gitlab.com/qemu-project/qemu/-/issues/542 | Exploit, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202208-27 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20220624-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1973784 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/qemu-project/qemu/-/issues/542 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-27 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220624-0001/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qemu | qemu | * | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D977C76-0598-40D0-BF46-0D987515764C",
"versionEndExcluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. Un invitado malicioso podr\u00eda usar este defecto para bloquear el proceso de QEMU en el host, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este fallo afecta a las versiones de QEMU anteriores a 7.0.0"
}
],
"id": "CVE-2021-3611",
"lastModified": "2024-11-21T06:21:58.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T16:15:08.710",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-RJ8X-CP5P-J26R
Vulnerability from github – Published: 2022-05-12 00:01 – Updated: 2022-05-20 00:00
VLAI?
Details
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-3611"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.",
"id": "GHSA-rj8x-cp5p-j26r",
"modified": "2022-05-20T00:00:36Z",
"published": "2022-05-12T00:01:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3611"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:7967"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-3611"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"type": "WEB",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220624-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-3611
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3611",
"description": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.",
"id": "GSD-2021-3611",
"references": [
"https://www.suse.com/security/cve/CVE-2021-3611.html",
"https://security.archlinux.org/CVE-2021-3611",
"https://access.redhat.com/errata/RHSA-2022:7967"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3611"
],
"details": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.",
"id": "GSD-2021-3611",
"modified": "2023-12-13T01:23:35.298129Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "QEMU versions prior to 7.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-119",
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"name": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/issues/542",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220624-0001/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3611"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/issues/542",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220624-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
},
"lastModifiedDate": "2023-02-12T23:41Z",
"publishedDate": "2022-05-11T16:15Z"
}
}
}
MSRC_CVE-2021-3611
Vulnerability from csaf_microsoft - Published: 2022-05-02 00:00 - Updated: 2026-02-18 01:37Summary
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18533-16820 | — | ||
| Unresolved product id: 17093-17086 | — | ||
| Unresolved product id: 18233-17084 | — | ||
| Unresolved product id: 18535-17084 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2021-3611.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.",
"tracking": {
"current_release_date": "2026-02-18T01:37:42.000Z",
"generator": {
"date": "2026-02-18T14:19:45.683Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-3611",
"initial_release_date": "2022-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T01:37:42.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 qemu-kvm 4.2.0-48",
"product": {
"name": "\u003ccm1 qemu-kvm 4.2.0-48",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 qemu-kvm 4.2.0-48",
"product": {
"name": "cm1 qemu-kvm 4.2.0-48",
"product_id": "18533"
}
}
],
"category": "product_name",
"name": "qemu-kvm"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 qemu 6.2.0-24",
"product": {
"name": "\u003ccbl2 qemu 6.2.0-24",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 qemu 6.2.0-24",
"product": {
"name": "cbl2 qemu 6.2.0-24",
"product_id": "17093"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 qemu 8.2.0-1",
"product": {
"name": "\u003cazl3 qemu 8.2.0-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 qemu 8.2.0-1",
"product": {
"name": "azl3 qemu 8.2.0-1",
"product_id": "18233"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 qemu 6.2.0-18",
"product": {
"name": "\u003cazl3 qemu 6.2.0-18",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 qemu 6.2.0-18",
"product": {
"name": "azl3 qemu 6.2.0-18",
"product_id": "18535"
}
}
],
"category": "product_name",
"name": "qemu"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 qemu-kvm 4.2.0-48 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 qemu-kvm 4.2.0-48 as a component of CBL Mariner 1.0",
"product_id": "18533-16820"
},
"product_reference": "18533",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 qemu 6.2.0-24 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 qemu 6.2.0-24 as a component of CBL Mariner 2.0",
"product_id": "17093-17086"
},
"product_reference": "17093",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 qemu 8.2.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 qemu 8.2.0-1 as a component of Azure Linux 3.0",
"product_id": "18233-17084"
},
"product_reference": "18233",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 qemu 6.2.0-18 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 qemu 6.2.0-18 as a component of Azure Linux 3.0",
"product_id": "18535-17084"
},
"product_reference": "18535",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3611",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18533-16820",
"17093-17086",
"18233-17084",
"18535-17084"
],
"known_affected": [
"16820-2",
"17086-4",
"17084-3",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2021-3611.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "4.2.0-48:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "6.2.0-24:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "8.2.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-4",
"17084-3",
"17084-1"
]
}
],
"title": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
}
]
}
OPENSUSE-SU-2021:1202-1
Vulnerability from csaf_opensuse - Published: 2021-08-26 16:06 - Updated: 2021-08-26 16:06Summary
Security update for qemu
Severity
Important
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3527: usb: unbounded stack allocation in usbredir (bsc#1186012)
- CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3607: Ensure correct input on ring init (bsc#1187539)
- CVE-2021-3608: Fix the ring init error flow (bsc#1187538)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)
- CVE-2021-3682: usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145)
- CVE-2020-35503: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432)
- CVE-2020-35504,CVE-2020-35505,CVE-2020-35506: NULL pointer dereference in ESP (bsc#1180433 bsc#1180434 bsc#1180435)
- CVE-2021-20255: eepro100: stack overflow via infinite recursion (bsc#1182651)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2021-1202
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
68 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1180432 | self |
| https://bugzilla.suse.com/1180433 | self |
| https://bugzilla.suse.com/1180434 | self |
| https://bugzilla.suse.com/1180435 | self |
| https://bugzilla.suse.com/1182651 | self |
| https://bugzilla.suse.com/1186012 | self |
| https://bugzilla.suse.com/1187364 | self |
| https://bugzilla.suse.com/1187365 | self |
| https://bugzilla.suse.com/1187366 | self |
| https://bugzilla.suse.com/1187367 | self |
| https://bugzilla.suse.com/1187499 | self |
| https://bugzilla.suse.com/1187529 | self |
| https://bugzilla.suse.com/1187538 | self |
| https://bugzilla.suse.com/1187539 | self |
| https://bugzilla.suse.com/1189145 | self |
| https://www.suse.com/security/cve/CVE-2020-35503/ | self |
| https://www.suse.com/security/cve/CVE-2020-35504/ | self |
| https://www.suse.com/security/cve/CVE-2020-35505/ | self |
| https://www.suse.com/security/cve/CVE-2020-35506/ | self |
| https://www.suse.com/security/cve/CVE-2021-20255/ | self |
| https://www.suse.com/security/cve/CVE-2021-3527/ | self |
| https://www.suse.com/security/cve/CVE-2021-3582/ | self |
| https://www.suse.com/security/cve/CVE-2021-3592/ | self |
| https://www.suse.com/security/cve/CVE-2021-3593/ | self |
| https://www.suse.com/security/cve/CVE-2021-3594/ | self |
| https://www.suse.com/security/cve/CVE-2021-3595/ | self |
| https://www.suse.com/security/cve/CVE-2021-3607/ | self |
| https://www.suse.com/security/cve/CVE-2021-3608/ | self |
| https://www.suse.com/security/cve/CVE-2021-3611/ | self |
| https://www.suse.com/security/cve/CVE-2021-3682/ | self |
| https://www.suse.com/security/cve/CVE-2020-35503 | external |
| https://bugzilla.suse.com/1180432 | external |
| https://www.suse.com/security/cve/CVE-2020-35504 | external |
| https://bugzilla.suse.com/1180433 | external |
| https://www.suse.com/security/cve/CVE-2020-35505 | external |
| https://bugzilla.suse.com/1180434 | external |
| https://www.suse.com/security/cve/CVE-2020-35506 | external |
| https://bugzilla.suse.com/1180435 | external |
| https://www.suse.com/security/cve/CVE-2021-20255 | external |
| https://bugzilla.suse.com/1182651 | external |
| https://bugzilla.suse.com/1182654 | external |
| https://www.suse.com/security/cve/CVE-2021-3527 | external |
| https://bugzilla.suse.com/1186012 | external |
| https://www.suse.com/security/cve/CVE-2021-3582 | external |
| https://bugzilla.suse.com/1187499 | external |
| https://www.suse.com/security/cve/CVE-2021-3592 | external |
| https://bugzilla.suse.com/1187364 | external |
| https://bugzilla.suse.com/1187369 | external |
| https://www.suse.com/security/cve/CVE-2021-3593 | external |
| https://bugzilla.suse.com/1187365 | external |
| https://www.suse.com/security/cve/CVE-2021-3594 | external |
| https://bugzilla.suse.com/1187367 | external |
| https://www.suse.com/security/cve/CVE-2021-3595 | external |
| https://bugzilla.suse.com/1187366 | external |
| https://bugzilla.suse.com/1187376 | external |
| https://www.suse.com/security/cve/CVE-2021-3607 | external |
| https://bugzilla.suse.com/1187539 | external |
| https://www.suse.com/security/cve/CVE-2021-3608 | external |
| https://bugzilla.suse.com/1187538 | external |
| https://www.suse.com/security/cve/CVE-2021-3611 | external |
| https://bugzilla.suse.com/1187529 | external |
| https://bugzilla.suse.com/1193914 | external |
| https://www.suse.com/security/cve/CVE-2021-3682 | external |
| https://bugzilla.suse.com/1189145 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3527: usb: unbounded stack allocation in usbredir (bsc#1186012)\n- CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499)\n- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)\n- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)\n- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)\n- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)\n- CVE-2021-3607: Ensure correct input on ring init (bsc#1187539)\n- CVE-2021-3608: Fix the ring init error flow (bsc#1187538)\n- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)\n- CVE-2021-3682: usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145)\n- CVE-2020-35503: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432)\n- CVE-2020-35504,CVE-2020-35505,CVE-2020-35506: NULL pointer dereference in ESP (bsc#1180433 bsc#1180434 bsc#1180435)\n- CVE-2021-20255: eepro100: stack overflow via infinite recursion (bsc#1182651)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1202",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1202-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1202-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XTOHNMISPT4N5NUXQJPKV5LQNNGSMFI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1202-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XTOHNMISPT4N5NUXQJPKV5LQNNGSMFI/"
},
{
"category": "self",
"summary": "SUSE Bug 1180432",
"url": "https://bugzilla.suse.com/1180432"
},
{
"category": "self",
"summary": "SUSE Bug 1180433",
"url": "https://bugzilla.suse.com/1180433"
},
{
"category": "self",
"summary": "SUSE Bug 1180434",
"url": "https://bugzilla.suse.com/1180434"
},
{
"category": "self",
"summary": "SUSE Bug 1180435",
"url": "https://bugzilla.suse.com/1180435"
},
{
"category": "self",
"summary": "SUSE Bug 1182651",
"url": "https://bugzilla.suse.com/1182651"
},
{
"category": "self",
"summary": "SUSE Bug 1186012",
"url": "https://bugzilla.suse.com/1186012"
},
{
"category": "self",
"summary": "SUSE Bug 1187364",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "self",
"summary": "SUSE Bug 1187365",
"url": "https://bugzilla.suse.com/1187365"
},
{
"category": "self",
"summary": "SUSE Bug 1187366",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "self",
"summary": "SUSE Bug 1187367",
"url": "https://bugzilla.suse.com/1187367"
},
{
"category": "self",
"summary": "SUSE Bug 1187499",
"url": "https://bugzilla.suse.com/1187499"
},
{
"category": "self",
"summary": "SUSE Bug 1187529",
"url": "https://bugzilla.suse.com/1187529"
},
{
"category": "self",
"summary": "SUSE Bug 1187538",
"url": "https://bugzilla.suse.com/1187538"
},
{
"category": "self",
"summary": "SUSE Bug 1187539",
"url": "https://bugzilla.suse.com/1187539"
},
{
"category": "self",
"summary": "SUSE Bug 1189145",
"url": "https://bugzilla.suse.com/1189145"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35503 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35504 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35505 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35506 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20255 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3527 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3582 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3592 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3593 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3594 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3595 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3607 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3608 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3611 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3682 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3682/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2021-08-26T16:06:03Z",
"generator": {
"date": "2021-08-26T16:06:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1202-1",
"initial_release_date": "2021-08-26T16:06:03Z",
"revision_history": [
{
"date": "2021-08-26T16:06:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-lp152.9.20.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"product": {
"name": "qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"product_id": "qemu-microvm-4.2.1-lp152.9.20.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"product": {
"name": "qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"product_id": "qemu-seabios-1.12.1+-lp152.9.20.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-lp152.9.20.1.noarch",
"product": {
"name": "qemu-sgabios-8-lp152.9.20.1.noarch",
"product_id": "qemu-sgabios-8-lp152.9.20.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"product": {
"name": "qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"product_id": "qemu-vgabios-1.12.1+-lp152.9.20.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-arm-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-curl-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-extra-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-ksm-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-kvm-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-lang-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-linux-user-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-ppc-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-s390-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-testsuite-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-tools-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-lp152.9.20.1.x86_64",
"product": {
"name": "qemu-x86-4.2.1-lp152.9.20.1.x86_64",
"product_id": "qemu-x86-4.2.1-lp152.9.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-extra-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-lp152.9.20.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ksm-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-linux-user-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-microvm-4.2.1-lp152.9.20.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch"
},
"product_reference": "qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.1+-lp152.9.20.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch"
},
"product_reference": "qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-lp152.9.20.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch"
},
"product_reference": "qemu-sgabios-8-lp152.9.20.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-testsuite-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.1+-lp152.9.20.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch"
},
"product_reference": "qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-4.2.1-lp152.9.20.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
},
"product_reference": "qemu-x86-4.2.1-lp152.9.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35503"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35503",
"url": "https://www.suse.com/security/cve/CVE-2020-35503"
},
{
"category": "external",
"summary": "SUSE Bug 1180432 for CVE-2020-35503",
"url": "https://bugzilla.suse.com/1180432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "moderate"
}
],
"title": "CVE-2020-35503"
},
{
"cve": "CVE-2020-35504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35504"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35504",
"url": "https://www.suse.com/security/cve/CVE-2020-35504"
},
{
"category": "external",
"summary": "SUSE Bug 1180433 for CVE-2020-35504",
"url": "https://bugzilla.suse.com/1180433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "moderate"
}
],
"title": "CVE-2020-35504"
},
{
"cve": "CVE-2020-35505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35505"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the \u0027Information Transfer\u0027 command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35505",
"url": "https://www.suse.com/security/cve/CVE-2020-35505"
},
{
"category": "external",
"summary": "SUSE Bug 1180434 for CVE-2020-35505",
"url": "https://bugzilla.suse.com/1180434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "moderate"
}
],
"title": "CVE-2020-35505"
},
{
"cve": "CVE-2020-35506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35506"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the \u0027Information Transfer\u0027 command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35506",
"url": "https://www.suse.com/security/cve/CVE-2020-35506"
},
{
"category": "external",
"summary": "SUSE Bug 1180435 for CVE-2020-35506",
"url": "https://bugzilla.suse.com/1180435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "moderate"
}
],
"title": "CVE-2020-35506"
},
{
"cve": "CVE-2021-20255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20255"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20255",
"url": "https://www.suse.com/security/cve/CVE-2021-20255"
},
{
"category": "external",
"summary": "SUSE Bug 1182651 for CVE-2021-20255",
"url": "https://bugzilla.suse.com/1182651"
},
{
"category": "external",
"summary": "SUSE Bug 1182654 for CVE-2021-20255",
"url": "https://bugzilla.suse.com/1182654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-20255"
},
{
"cve": "CVE-2021-3527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3527"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3527",
"url": "https://www.suse.com/security/cve/CVE-2021-3527"
},
{
"category": "external",
"summary": "SUSE Bug 1186012 for CVE-2021-3527",
"url": "https://bugzilla.suse.com/1186012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3527"
},
{
"cve": "CVE-2021-3582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3582"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device. The issue occurs while handling a \"PVRDMA_CMD_CREATE_MR\" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3582",
"url": "https://www.suse.com/security/cve/CVE-2021-3582"
},
{
"category": "external",
"summary": "SUSE Bug 1187499 for CVE-2021-3582",
"url": "https://bugzilla.suse.com/1187499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3582"
},
{
"cve": "CVE-2021-3592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3592"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027bootp_t\u0027 structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3592",
"url": "https://www.suse.com/security/cve/CVE-2021-3592"
},
{
"category": "external",
"summary": "SUSE Bug 1187364 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "external",
"summary": "SUSE Bug 1187369 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3592"
},
{
"cve": "CVE-2021-3593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3593"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3593",
"url": "https://www.suse.com/security/cve/CVE-2021-3593"
},
{
"category": "external",
"summary": "SUSE Bug 1187365 for CVE-2021-3593",
"url": "https://bugzilla.suse.com/1187365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3593"
},
{
"cve": "CVE-2021-3594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3594"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3594",
"url": "https://www.suse.com/security/cve/CVE-2021-3594"
},
{
"category": "external",
"summary": "SUSE Bug 1187367 for CVE-2021-3594",
"url": "https://bugzilla.suse.com/1187367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3594"
},
{
"cve": "CVE-2021-3595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3595"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3595",
"url": "https://www.suse.com/security/cve/CVE-2021-3595"
},
{
"category": "external",
"summary": "SUSE Bug 1187366 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "external",
"summary": "SUSE Bug 1187376 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3595"
},
{
"cve": "CVE-2021-3607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3607"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3607",
"url": "https://www.suse.com/security/cve/CVE-2021-3607"
},
{
"category": "external",
"summary": "SUSE Bug 1187539 for CVE-2021-3607",
"url": "https://bugzilla.suse.com/1187539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3607"
},
{
"cve": "CVE-2021-3608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3608"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3608",
"url": "https://www.suse.com/security/cve/CVE-2021-3608"
},
{
"category": "external",
"summary": "SUSE Bug 1187538 for CVE-2021-3608",
"url": "https://bugzilla.suse.com/1187538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "low"
}
],
"title": "CVE-2021-3608"
},
{
"cve": "CVE-2021-3611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3611"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3611",
"url": "https://www.suse.com/security/cve/CVE-2021-3611"
},
{
"category": "external",
"summary": "SUSE Bug 1187529 for CVE-2021-3611",
"url": "https://bugzilla.suse.com/1187529"
},
{
"category": "external",
"summary": "SUSE Bug 1193914 for CVE-2021-3611",
"url": "https://bugzilla.suse.com/1193914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "moderate"
}
],
"title": "CVE-2021-3611"
},
{
"cve": "CVE-2021-3682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3682"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3682",
"url": "https://www.suse.com/security/cve/CVE-2021-3682"
},
{
"category": "external",
"summary": "SUSE Bug 1189145 for CVE-2021-3682",
"url": "https://bugzilla.suse.com/1189145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.20.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.20.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-26T16:06:03Z",
"details": "moderate"
}
],
"title": "CVE-2021-3682"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…