Vulnerability-Lookup

CVE-2021-3416 (GCVE-0-2021-3416)

Vulnerability from cvelistv5 – Published: 2021-03-18 19:53 – Updated: 2024-08-03 16:53

Summary

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

Severity

No CVSS data available.

CWE

CWE-835

Assigner

redhat

References

6 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1932827	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-2021050…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-27	vendor-advisoryx_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	QEMU	Affected: versions up to and including 5.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
          },
          {
            "name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
          },
          {
            "name": "GLSA-202208-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-27"
          },
          {
            "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "versions up to and including 5.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-05T05:06:21.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
        },
        {
          "name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
        },
        {
          "name": "GLSA-202208-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-27"
        },
        {
          "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3416",
    "datePublished": "2021-03-18T19:53:29.000Z",
    "dateReserved": "2021-02-25T00:00:00.000Z",
    "dateUpdated": "2024-08-03T16:53:17.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-3416",
      "date": "2026-05-26",
      "epss": "6e-05",
      "percentile": "0.00346"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.0\", \"matchCriteriaId\": \"326C44E5-259C-47D1-B540-E153CD7C907C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"053C1B35-3869-41C2-9551-044182DE0A64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*\", \"matchCriteriaId\": \"3AA08768-75AF-4791-B229-AE938C780959\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un posible desbordamiento de la pila por medio de un problema de bucle infinito en varios emuladores de NIC de QEMU en versiones hasta 5.2.0 incluy\\u00e9ndola.\u0026#xa0;El problema ocurre en el modo loopback de una NIC en donde son omitidas las comprobaciones DMA reentrantes.\u0026#xa0;Un usuario y proceso invitado puede usar este fallo para consumir ciclos de CPU o bloquear el proceso QEMU en el host, resultando en un escenario DoS\"}]",
      "id": "CVE-2021-3416",
      "lastModified": "2024-11-21T06:21:27.260",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-03-18T20:15:13.300",
      "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1932827\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-27\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210507-0002/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2021/02/26/1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1932827\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210507-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2021/02/26/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-3416\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-18T20:15:13.300\",\"lastModified\":\"2024-11-21T06:21:27.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un posible desbordamiento de la pila por medio de un problema de bucle infinito en varios emuladores de NIC de QEMU en versiones hasta 5.2.0 incluy\u00e9ndola.\u0026#xa0;El problema ocurre en el modo loopback de una NIC en donde son omitidas las comprobaciones DMA reentrantes.\u0026#xa0;Un usuario y proceso invitado puede usar este fallo para consumir ciclos de CPU o bloquear el proceso QEMU en el host, resultando en un escenario DoS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.0\",\"matchCriteriaId\":\"326C44E5-259C-47D1-B540-E153CD7C907C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"053C1B35-3869-41C2-9551-044182DE0A64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*\",\"matchCriteriaId\":\"3AA08768-75AF-4791-B229-AE938C780959\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1932827\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-27\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210507-0002/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2021/02/26/1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1932827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210507-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2021/02/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-485

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Citrix	Citrix Hypervisor	Citrix Hypervisor 8.2 LTSR sans le correctif de sécurité XS82E025

References

Title

Publication Time

CERTFR-2021-AVI-485

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Citrix	Citrix Hypervisor	Citrix Hypervisor 8.2 LTSR sans le correctif de sécurité XS82E025

References

Title

Publication Time

alsa-2021:3061

Vulnerability from osv_almalinux

Published

2021-08-10 11:58

Modified

2021-12-23 15:15

Summary

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Details

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

QEMU: msix: OOB access during mmio operations may lead to DoS (CVE-2020-13754)
hivex: Buffer overflow when provided invalid node key length (CVE-2021-3504)
QEMU: net: an assert failure via eth_get_gso_type (CVE-2020-27617)
QEMU: net: infinite loop in loopback mode may lead to stack overflow (CVE-2021-3416)
qemu: out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

cannot restart default network and firewalld: iptables: No chain/target/match by that name. (BZ#1958301)
RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) (BZ#1975679)

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2021-3061.html	ADVISORY
	https://vulners.com/cve/CVE-2020-13754	REPORT
	https://vulners.com/cve/CVE-2020-27617	REPORT
	https://vulners.com/cve/CVE-2021-20221	REPORT
	https://vulners.com/cve/CVE-2021-3416	REPORT
	https://vulners.com/cve/CVE-2021-3504	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libguestfs-winsupport"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libnbd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libnbd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libvirt-dbus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0-2.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libvirt-dbus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0-2.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdfuse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-bash-completion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-basic-filters"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-basic-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-curl-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-example-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-gzip-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-linuxdisk-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-python-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-ssh-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-vddk-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nbdkit-xz-filter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.2-4.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "perl-Sys-Virt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.0-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-libnbd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-libvirt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.0-1.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "seabios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.0-2.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "seabios-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.0-2.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "seavgabios-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.0-2.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "supermin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.19-10.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "supermin-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.19-10.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nSecurity Fix(es):\n\n* QEMU: msix: OOB access during mmio operations may lead to DoS (CVE-2020-13754)\n\n* hivex: Buffer overflow when provided invalid node key length (CVE-2021-3504)\n\n* QEMU: net: an assert failure via eth_get_gso_type (CVE-2020-27617)\n\n* QEMU: net: infinite loop in loopback mode may lead to stack overflow (CVE-2021-3416)\n\n* qemu: out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* cannot restart default network and firewalld: iptables: No chain/target/match by that name. (BZ#1958301)\n\n* RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) (BZ#1975679)",
  "id": "ALSA-2021:3061",
  "modified": "2021-12-23T15:15:26Z",
  "published": "2021-08-10T11:58:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-3061.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-13754"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-27617"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-20221"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3416"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3504"
    }
  ],
  "related": [
    "CVE-2020-13754",
    "CVE-2021-3504",
    "CVE-2020-27617",
    "CVE-2021-3416",
    "CVE-2021-20221"
  ],
  "summary": "Moderate: virt:rhel and virt-devel:rhel security and bug fix update"
}

BDU:2022-05839

Vulnerability from fstec - Published: 24.02.2021

Title

Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость эмулятора аппаратного обеспечения QEMU связана с выполнением цикла с недоступным условием выхода. Эксплуатация уязвимости позволяет нарушителю вызвать отказ в обслуживании

Severity


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, Fabrice Bellard, ООО «РусБИТех-Астра», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, QEMU, Astra Linux Special Edition (запись в едином реестре российских программ №369), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), до 5.2.0 включительно (QEMU), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Для QEMU: использование рекомендаций производителя: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-3416 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 Для ОСОН Основа: Обновление программного обеспечения qemu до версии 1:6.2+dfsg-3onyx0 Для ОС ОН «Стрелец»: Обновление программного обеспечения qemu до версии 1:2.8+dfsg.repack-6+deb9u16.osnova1

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1932827 https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html https://nvd.nist.gov/vuln/detail/CVE-2021-3416 https://security-tracker.debian.org/tracker/CVE-2021-3416 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-835

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fabrice Bellard, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), \u0434\u043e 5.2.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (QEMU), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f QEMU:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-3416\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qemu \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:6.2+dfsg-3onyx0\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qemu \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:2.8+dfsg.repack-6+deb9u16.osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.02.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05839",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-3416",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, QEMU, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.5  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430 (\u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b) (CWE-835)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827\nhttps://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed\nhttps://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html\nhttps://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3416\nhttps://security-tracker.debian.org/tracker/CVE-2021-3416\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-835",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)"
}

CNVD-2021-39778

Vulnerability from cnvd - Published: 2021-06-06

Title

QEMU堆栈溢出漏洞

Description

QEMU是一套模拟处理器软件。 QEMU存在安全漏洞，攻击者可利用该漏洞通过NIC环回模式触发致命错误，从而在主机系统上触发拒绝服务。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://bugzilla.redhat.com/show_bug.cgi?id=1932827

Reference

https://vigilance.fr/vulnerability/QEMU-denial-of-service-via-NIC-Loopback-Mode-34703

Impacted products

Name
QEMU QEMU <=5.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3416",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3416"
    }
  },
  "description": "QEMU\u662f\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\n\nQEMU\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7NIC\u73af\u56de\u6a21\u5f0f\u89e6\u53d1\u81f4\u547d\u9519\u8bef\uff0c\u4ece\u800c\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1932827",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-39778",
  "openTime": "2021-06-06",
  "products": {
    "product": "QEMU QEMU \u003c=5.2.0"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/QEMU-denial-of-service-via-NIC-Loopback-Mode-34703",
  "serverity": "\u4f4e",
  "submitTime": "2021-03-02",
  "title": "QEMU\u5806\u6808\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2021-3416

Vulnerability from fkie_nvd - Published: 2021-03-18 20:15 - Updated: 2024-11-21 06:21

Severity

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1932827	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202208-27	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20210507-0002/	Third Party Advisory
secalert@redhat.com	https://www.openwall.com/lists/oss-security/2021/02/26/1	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1932827	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202208-27	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20210507-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2021/02/26/1	Mailing List, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
qemu	qemu	*
fedoraproject	fedora	33
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "326C44E5-259C-47D1-B540-E153CD7C907C",
              "versionEndIncluding": "5.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
              "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
              "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un posible desbordamiento de la pila por medio de un problema de bucle infinito en varios emuladores de NIC de QEMU en versiones hasta 5.2.0 incluy\u00e9ndola.\u0026#xa0;El problema ocurre en el modo loopback de una NIC en donde son omitidas las comprobaciones DMA reentrantes.\u0026#xa0;Un usuario y proceso invitado puede usar este fallo para consumir ciclos de CPU o bloquear el proceso QEMU en el host, resultando en un escenario DoS"
    }
  ],
  "id": "CVE-2021-3416",
  "lastModified": "2024-11-21T06:21:27.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-18T20:15:13.300",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-27"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-G3HX-JV57-3FFR

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-08-16 00:00

Details

Severity

6.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3416"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-18T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
  "id": "GHSA-g3hx-jv57-3ffr",
  "modified": "2022-08-16T00:00:42Z",
  "published": "2022-05-24T17:44:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3416"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:3061"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:3703"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2021-3416"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-27"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210507-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-3416

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-3416

Aliases

CVE-2021-3416

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-3416",
    "description": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
    "id": "GSD-2021-3416",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-3416.html",
      "https://access.redhat.com/errata/RHSA-2021:3703",
      "https://access.redhat.com/errata/RHSA-2021:3061",
      "https://ubuntu.com/security/CVE-2021-3416",
      "https://security.archlinux.org/CVE-2021-3416",
      "https://linux.oracle.com/cve/CVE-2021-3416.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3416"
      ],
      "details": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
      "id": "GSD-2021-3416",
      "modified": "2023-12-13T01:23:35.299123Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-3416",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "QEMU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "versions up to and including 5.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-835",
                "lang": "eng",
                "value": "CWE-835"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2021/02/26/1",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
          },
          {
            "name": "https://security.gentoo.org/glsa/202208-27",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202208-27"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210507-0002/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3416"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-835"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/02/26/1",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
            },
            {
              "name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210507-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
            },
            {
              "name": "GLSA-202208-27",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-27"
            },
            {
              "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.5,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2023-02-12T23:41Z",
      "publishedDate": "2021-03-18T20:15Z"
    }
  }
}

MSRC_CVE-2021-3416

Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2021-03-26 00:00

Summary

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2021-3416

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 4 products

Product	Identifier	Version	Remediation
Unresolved product id: 14331-12137		—
Unresolved product id: 14332-12137		—
Unresolved product id: 14333-12138		—
Unresolved product id: 14334-12138		—

Known affected 4 products

Product	Version	Remediation
Unresolved product id: 12137-4	—	Vendor Fix fix
Unresolved product id: 12137-3	—	Vendor Fix fix
Unresolved product id: 12138-2	—	Vendor Fix fix
Unresolved product id: 12138-1	—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-3416 A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-3416.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
    "tracking": {
      "current_release_date": "2021-03-26T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T21:50:22.137Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-3416",
      "initial_release_date": "2021-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-03-26T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0 x64",
                  "product_id": "12137"
                }
              },
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0 ARM",
                  "product_id": "12138"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cqemu-kvm-4.2.0-29.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-4.2.0-29.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14331-12137"
        },
        "product_reference": "14331",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cqemu-img-4.2.0-29.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-4.2.0-29.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14332-12137"
        },
        "product_reference": "14332",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cqemu-kvm-4.2.0-29.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-4.2.0-29.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14333-12138"
        },
        "product_reference": "14333",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cqemu-img-4.2.0-29.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-4.2.0-29.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14334-12138"
        },
        "product_reference": "14334",
        "relates_to_product_reference": "12138"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3416",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0026#39;Infinite Loop\u0026#39;)"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "14331-12137",
          "14332-12137",
          "14333-12138",
          "14334-12138"
        ],
        "known_affected": [
          "12137-4",
          "12137-3",
          "12138-2",
          "12138-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-3416 A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-3416.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-26T00:00:00.000Z",
          "details": "4.2.0-29:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "12137-4",
            "12137-3",
            "12138-2",
            "12138-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "temporalScore": 6.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "12137-4",
            "12137-3",
            "12138-2",
            "12138-1"
          ]
        }
      ],
      "title": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
    }
  ]
}

OPENSUSE-SU-2021:0600-1

Vulnerability from csaf_opensuse - Published: 2021-04-23 10:46 - Updated: 2021-04-23 10:46

Summary

Security update for qemu

Severity

Important

Notes

Title of the patch: Security update for qemu

Description of the patch: This update for qemu fixes the following issues: - CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385) - CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934) - CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673) - CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684) - CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682) - CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174) - CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468) - CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108) - CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686) - CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612) - CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577) - CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968) - CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968) - CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400) - CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064) - Added a few more usability improvements for our git packaging workflow This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames: openSUSE-2021-600

CVE-2020-12829

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-15469

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25084

5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25624

5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25625

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2020-25723

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2020-27616

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2020-27617

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-27821

5.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-28916

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-29129

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2020-29130

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-29443

3.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-20257

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-3416

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64	—	Vendor Fix

Threats

Impact low

References

76 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1172385	self
https://bugzilla.suse.com/1173612	self
https://bugzilla.suse.com/1176673	self
https://bugzilla.suse.com/1176682	self
https://bugzilla.suse.com/1176684	self
https://bugzilla.suse.com/1178174	self
https://bugzilla.suse.com/1178400	self
https://bugzilla.suse.com/1178934	self
https://bugzilla.suse.com/1179466	self
https://bugzilla.suse.com/1179467	self
https://bugzilla.suse.com/1179468	self
https://bugzilla.suse.com/1179686	self
https://bugzilla.suse.com/1181108	self
https://bugzilla.suse.com/1182425	self
https://bugzilla.suse.com/1182577	self
https://bugzilla.suse.com/1182968	self
https://bugzilla.suse.com/1184064	self
https://www.suse.com/security/cve/CVE-2020-12829/	self
https://www.suse.com/security/cve/CVE-2020-15469/	self
https://www.suse.com/security/cve/CVE-2020-25084/	self
https://www.suse.com/security/cve/CVE-2020-25624/	self
https://www.suse.com/security/cve/CVE-2020-25625/	self
https://www.suse.com/security/cve/CVE-2020-25723/	self
https://www.suse.com/security/cve/CVE-2020-27616/	self
https://www.suse.com/security/cve/CVE-2020-27617/	self
https://www.suse.com/security/cve/CVE-2020-27821/	self
https://www.suse.com/security/cve/CVE-2020-28916/	self
https://www.suse.com/security/cve/CVE-2020-29129/	self
https://www.suse.com/security/cve/CVE-2020-29130/	self
https://www.suse.com/security/cve/CVE-2020-29443/	self
https://www.suse.com/security/cve/CVE-2021-20257/	self
https://www.suse.com/security/cve/CVE-2021-3416/	self
https://www.suse.com/security/cve/CVE-2020-12829	external
https://bugzilla.suse.com/1172385	external
https://www.suse.com/security/cve/CVE-2020-15469	external
https://bugzilla.suse.com/1173612	external
https://www.suse.com/security/cve/CVE-2020-25084	external
https://bugzilla.suse.com/1176673	external
https://www.suse.com/security/cve/CVE-2020-25624	external
https://bugzilla.suse.com/1176682	external
https://www.suse.com/security/cve/CVE-2020-25625	external
https://bugzilla.suse.com/1176684	external
https://www.suse.com/security/cve/CVE-2020-25723	external
https://bugzilla.suse.com/1178934	external
https://bugzilla.suse.com/1178935	external
https://www.suse.com/security/cve/CVE-2020-27616	external
https://bugzilla.suse.com/1178400	external
https://bugzilla.suse.com/1188609	external
https://www.suse.com/security/cve/CVE-2020-27617	external
https://bugzilla.suse.com/1178174	external
https://www.suse.com/security/cve/CVE-2020-27821	external
https://bugzilla.suse.com/1179686	external
https://www.suse.com/security/cve/CVE-2020-28916	external
https://bugzilla.suse.com/1178683	external
https://bugzilla.suse.com/1179468	external
https://www.suse.com/security/cve/CVE-2020-29129	external
https://bugzilla.suse.com/1179466	external
https://bugzilla.suse.com/1179467	external
https://bugzilla.suse.com/1179477	external
https://bugzilla.suse.com/1179484	external
https://www.suse.com/security/cve/CVE-2020-29130	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1179467	external
https://bugzilla.suse.com/1179477	external
https://www.suse.com/security/cve/CVE-2020-29443	external
https://bugzilla.suse.com/1181108	external
https://www.suse.com/security/cve/CVE-2021-20257	external
https://bugzilla.suse.com/1182577	external
https://bugzilla.suse.com/1182846	external
https://www.suse.com/security/cve/CVE-2021-3416	external
https://bugzilla.suse.com/1182968	external
https://bugzilla.suse.com/1186473	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for qemu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for qemu fixes the following issues:\n\n- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)\n- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)\n- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)\n- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)\n- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)\n- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)\n- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)\n- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)\n- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)\n- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)\n- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)\n- CVE-2021-3416:  Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)\n- CVE-2021-3416:  Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)\n- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)\n- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)\n- Added a few more usability improvements for our git packaging workflow\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-600",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0600-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0600-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATYM36RK6JXDXZ33F2KFHZHDZ3F3YD24/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0600-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATYM36RK6JXDXZ33F2KFHZHDZ3F3YD24/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172385",
        "url": "https://bugzilla.suse.com/1172385"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173612",
        "url": "https://bugzilla.suse.com/1173612"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176673",
        "url": "https://bugzilla.suse.com/1176673"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176682",
        "url": "https://bugzilla.suse.com/1176682"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176684",
        "url": "https://bugzilla.suse.com/1176684"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178174",
        "url": "https://bugzilla.suse.com/1178174"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178400",
        "url": "https://bugzilla.suse.com/1178400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178934",
        "url": "https://bugzilla.suse.com/1178934"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179466",
        "url": "https://bugzilla.suse.com/1179466"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179467",
        "url": "https://bugzilla.suse.com/1179467"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179468",
        "url": "https://bugzilla.suse.com/1179468"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179686",
        "url": "https://bugzilla.suse.com/1179686"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181108",
        "url": "https://bugzilla.suse.com/1181108"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182425",
        "url": "https://bugzilla.suse.com/1182425"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182577",
        "url": "https://bugzilla.suse.com/1182577"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182968",
        "url": "https://bugzilla.suse.com/1182968"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184064",
        "url": "https://bugzilla.suse.com/1184064"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12829 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12829/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15469 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15469/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25084 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25084/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25624 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25624/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25625 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25625/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25723 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25723/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27616 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27616/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27617 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27617/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27821 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27821/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28916 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28916/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29130 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29443 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29443/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20257 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20257/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3416 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3416/"
      }
    ],
    "title": "Security update for qemu",
    "tracking": {
      "current_release_date": "2021-04-23T10:46:42Z",
      "generator": {
        "date": "2021-04-23T10:46:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0600-1",
      "initial_release_date": "2021-04-23T10:46:42Z",
      "revision_history": [
        {
          "date": "2021-04-23T10:46:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
                "product": {
                  "name": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
                  "product_id": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-microvm-4.2.1-lp152.9.12.1.noarch",
                "product": {
                  "name": "qemu-microvm-4.2.1-lp152.9.12.1.noarch",
                  "product_id": "qemu-microvm-4.2.1-lp152.9.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
                "product": {
                  "name": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
                  "product_id": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-sgabios-8-lp152.9.12.1.noarch",
                "product": {
                  "name": "qemu-sgabios-8-lp152.9.12.1.noarch",
                  "product_id": "qemu-sgabios-8-lp152.9.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
                "product": {
                  "name": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
                  "product_id": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-arm-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-arm-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-arm-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-extra-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-extra-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-extra-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-lang-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-lang-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-lang-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-s390-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-s390-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-s390-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-tools-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-tools-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-tools-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-x86-4.2.1-lp152.9.12.1.x86_64",
                "product": {
                  "name": "qemu-x86-4.2.1-lp152.9.12.1.x86_64",
                  "product_id": "qemu-x86-4.2.1-lp152.9.12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-arm-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-arm-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-extra-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-extra-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch"
        },
        "product_reference": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-lang-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-lang-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-microvm-4.2.1-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch"
        },
        "product_reference": "qemu-microvm-4.2.1-lp152.9.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-s390-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-s390-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch"
        },
        "product_reference": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-sgabios-8-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch"
        },
        "product_reference": "qemu-sgabios-8-lp152.9.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-tools-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-tools-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch"
        },
        "product_reference": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-x86-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        },
        "product_reference": "qemu-x86-4.2.1-lp152.9.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12829",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12829"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12829",
          "url": "https://www.suse.com/security/cve/CVE-2020-12829"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172385 for CVE-2020-12829",
          "url": "https://bugzilla.suse.com/1172385"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12829"
    },
    {
      "cve": "CVE-2020-15469",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15469"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15469",
          "url": "https://www.suse.com/security/cve/CVE-2020-15469"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173612 for CVE-2020-15469",
          "url": "https://bugzilla.suse.com/1173612"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-15469"
    },
    {
      "cve": "CVE-2020-25084",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25084"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25084",
          "url": "https://www.suse.com/security/cve/CVE-2020-25084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176673 for CVE-2020-25084",
          "url": "https://bugzilla.suse.com/1176673"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25084"
    },
    {
      "cve": "CVE-2020-25624",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25624"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25624",
          "url": "https://www.suse.com/security/cve/CVE-2020-25624"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176682 for CVE-2020-25624",
          "url": "https://bugzilla.suse.com/1176682"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25624"
    },
    {
      "cve": "CVE-2020-25625",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25625"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25625",
          "url": "https://www.suse.com/security/cve/CVE-2020-25625"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176684 for CVE-2020-25625",
          "url": "https://bugzilla.suse.com/1176684"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-25625"
    },
    {
      "cve": "CVE-2020-25723",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25723"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25723",
          "url": "https://www.suse.com/security/cve/CVE-2020-25723"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178934 for CVE-2020-25723",
          "url": "https://bugzilla.suse.com/1178934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178935 for CVE-2020-25723",
          "url": "https://bugzilla.suse.com/1178935"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-25723"
    },
    {
      "cve": "CVE-2020-27616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27616",
          "url": "https://www.suse.com/security/cve/CVE-2020-27616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178400 for CVE-2020-27616",
          "url": "https://bugzilla.suse.com/1178400"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188609 for CVE-2020-27616",
          "url": "https://bugzilla.suse.com/1188609"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-27616"
    },
    {
      "cve": "CVE-2020-27617",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27617"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27617",
          "url": "https://www.suse.com/security/cve/CVE-2020-27617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178174 for CVE-2020-27617",
          "url": "https://bugzilla.suse.com/1178174"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27617"
    },
    {
      "cve": "CVE-2020-27821",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27821"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27821",
          "url": "https://www.suse.com/security/cve/CVE-2020-27821"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179686 for CVE-2020-27821",
          "url": "https://bugzilla.suse.com/1179686"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27821"
    },
    {
      "cve": "CVE-2020-28916",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28916"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28916",
          "url": "https://www.suse.com/security/cve/CVE-2020-28916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178683 for CVE-2020-28916",
          "url": "https://bugzilla.suse.com/1178683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179468 for CVE-2020-28916",
          "url": "https://bugzilla.suse.com/1179468"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28916"
    },
    {
      "cve": "CVE-2020-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29129",
          "url": "https://www.suse.com/security/cve/CVE-2020-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179466 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179467 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179477 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179477"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179484 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179484"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-29129"
    },
    {
      "cve": "CVE-2020-29130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29130",
          "url": "https://www.suse.com/security/cve/CVE-2020-29130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-29130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179467 for CVE-2020-29130",
          "url": "https://bugzilla.suse.com/1179467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179477 for CVE-2020-29130",
          "url": "https://bugzilla.suse.com/1179477"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-29130"
    },
    {
      "cve": "CVE-2020-29443",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29443"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29443",
          "url": "https://www.suse.com/security/cve/CVE-2020-29443"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181108 for CVE-2020-29443",
          "url": "https://bugzilla.suse.com/1181108"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-29443"
    },
    {
      "cve": "CVE-2021-20257",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20257"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20257",
          "url": "https://www.suse.com/security/cve/CVE-2021-20257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182577 for CVE-2021-20257",
          "url": "https://bugzilla.suse.com/1182577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182846 for CVE-2021-20257",
          "url": "https://bugzilla.suse.com/1182846"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20257"
    },
    {
      "cve": "CVE-2021-3416",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3416"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3416",
          "url": "https://www.suse.com/security/cve/CVE-2021-3416"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182968 for CVE-2021-3416",
          "url": "https://bugzilla.suse.com/1182968"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186473 for CVE-2021-3416",
          "url": "https://bugzilla.suse.com/1186473"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-23T10:46:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-3416"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-3416 (GCVE-0-2021-3416)

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature