Vulnerability from csaf_suse
Published
2021-04-22 16:07
Modified
2021-04-22 16:07
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386
- Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)
Patchnames
SUSE-2021-1305,SUSE-SLE-SERVER-12-SP2-BCL-2021-1305,SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1305,SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1305
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for qemu", title: "Title of the patch", }, { category: "description", text: "This update for qemu fixes the following issues:\n\n- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)\n- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)\n- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)\n- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)\n- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)\n- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)\n- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)\n- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)\n- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)\n- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)\n- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)\n- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)\n- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)\n- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386\n- Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)\n- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)\n- Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)\n- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641)\n- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)\n- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)\n- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-1305,SUSE-SLE-SERVER-12-SP2-BCL-2021-1305,SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1305,SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1305", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1305-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:1305-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20211305-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:1305-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008671.html", }, { category: "self", summary: "SUSE Bug 1172383", url: "https://bugzilla.suse.com/1172383", }, { category: "self", summary: "SUSE Bug 1172384", url: "https://bugzilla.suse.com/1172384", }, { category: "self", summary: "SUSE Bug 1172385", url: "https://bugzilla.suse.com/1172385", }, { category: "self", summary: "SUSE Bug 1172386", url: "https://bugzilla.suse.com/1172386", }, { category: "self", summary: "SUSE Bug 1172478", url: "https://bugzilla.suse.com/1172478", }, { category: "self", summary: "SUSE Bug 1173612", url: "https://bugzilla.suse.com/1173612", }, { category: "self", summary: "SUSE Bug 1174386", url: "https://bugzilla.suse.com/1174386", }, { category: "self", summary: "SUSE Bug 1174641", url: "https://bugzilla.suse.com/1174641", }, { category: "self", summary: "SUSE Bug 1175441", url: "https://bugzilla.suse.com/1175441", }, { category: "self", summary: "SUSE Bug 1176673", url: "https://bugzilla.suse.com/1176673", }, { category: "self", summary: "SUSE Bug 1176682", url: "https://bugzilla.suse.com/1176682", }, { category: "self", summary: "SUSE Bug 1176684", url: "https://bugzilla.suse.com/1176684", }, { category: "self", summary: "SUSE Bug 1178174", url: "https://bugzilla.suse.com/1178174", }, { category: "self", summary: "SUSE Bug 1178934", url: "https://bugzilla.suse.com/1178934", }, { category: "self", summary: "SUSE Bug 1179467", url: "https://bugzilla.suse.com/1179467", }, { category: "self", summary: "SUSE Bug 1180523", url: "https://bugzilla.suse.com/1180523", }, { category: "self", summary: "SUSE Bug 1181108", url: "https://bugzilla.suse.com/1181108", }, { category: "self", summary: "SUSE Bug 1181639", url: "https://bugzilla.suse.com/1181639", }, { category: "self", summary: "SUSE Bug 1182137", url: "https://bugzilla.suse.com/1182137", }, { category: "self", summary: "SUSE Bug 1182425", url: "https://bugzilla.suse.com/1182425", }, { category: "self", summary: "SUSE Bug 1182577", url: "https://bugzilla.suse.com/1182577", }, { category: "self", summary: "SUSE Bug 1182968", url: "https://bugzilla.suse.com/1182968", }, { category: "self", summary: "SUSE CVE CVE-2020-11947 page", url: "https://www.suse.com/security/cve/CVE-2020-11947/", }, { category: "self", summary: "SUSE CVE CVE-2020-12829 page", url: "https://www.suse.com/security/cve/CVE-2020-12829/", }, { category: "self", summary: "SUSE CVE CVE-2020-13361 page", url: "https://www.suse.com/security/cve/CVE-2020-13361/", }, { category: "self", summary: "SUSE CVE CVE-2020-13362 page", url: "https://www.suse.com/security/cve/CVE-2020-13362/", }, { category: "self", summary: "SUSE CVE CVE-2020-13659 page", url: "https://www.suse.com/security/cve/CVE-2020-13659/", }, { category: "self", summary: "SUSE CVE CVE-2020-13765 page", url: "https://www.suse.com/security/cve/CVE-2020-13765/", }, { category: "self", summary: "SUSE CVE CVE-2020-14364 page", url: "https://www.suse.com/security/cve/CVE-2020-14364/", }, { category: "self", summary: "SUSE CVE CVE-2020-15469 page", url: "https://www.suse.com/security/cve/CVE-2020-15469/", }, { category: "self", summary: "SUSE CVE CVE-2020-15863 page", url: "https://www.suse.com/security/cve/CVE-2020-15863/", }, { category: "self", summary: "SUSE CVE CVE-2020-16092 page", url: "https://www.suse.com/security/cve/CVE-2020-16092/", }, { category: "self", summary: "SUSE CVE CVE-2020-25084 page", url: "https://www.suse.com/security/cve/CVE-2020-25084/", }, { category: "self", summary: "SUSE CVE CVE-2020-25624 page", url: "https://www.suse.com/security/cve/CVE-2020-25624/", }, { category: "self", summary: "SUSE CVE CVE-2020-25625 page", url: "https://www.suse.com/security/cve/CVE-2020-25625/", }, { category: "self", summary: "SUSE CVE CVE-2020-25723 page", url: "https://www.suse.com/security/cve/CVE-2020-25723/", }, { category: "self", summary: "SUSE CVE CVE-2020-27617 page", url: "https://www.suse.com/security/cve/CVE-2020-27617/", }, { category: "self", summary: "SUSE CVE CVE-2020-29130 page", url: "https://www.suse.com/security/cve/CVE-2020-29130/", }, { category: "self", summary: "SUSE CVE CVE-2020-29443 page", url: "https://www.suse.com/security/cve/CVE-2020-29443/", }, { category: "self", summary: "SUSE CVE CVE-2021-20181 page", url: "https://www.suse.com/security/cve/CVE-2021-20181/", }, { category: "self", summary: "SUSE CVE CVE-2021-20203 page", url: "https://www.suse.com/security/cve/CVE-2021-20203/", }, { category: "self", summary: "SUSE CVE CVE-2021-20257 page", url: "https://www.suse.com/security/cve/CVE-2021-20257/", }, { category: "self", summary: "SUSE CVE CVE-2021-3416 page", url: "https://www.suse.com/security/cve/CVE-2021-3416/", }, ], title: "Security update for qemu", tracking: { current_release_date: "2021-04-22T16:07:10Z", generator: { date: "2021-04-22T16:07:10Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:1305-1", initial_release_date: "2021-04-22T16:07:10Z", revision_history: [ { date: "2021-04-22T16:07:10Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "qemu-2.6.2-41.62.1.aarch64", product: { name: "qemu-2.6.2-41.62.1.aarch64", product_id: "qemu-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-arm-2.6.2-41.62.1.aarch64", product: { name: "qemu-arm-2.6.2-41.62.1.aarch64", product_id: "qemu-arm-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-block-curl-2.6.2-41.62.1.aarch64", product: { name: "qemu-block-curl-2.6.2-41.62.1.aarch64", product_id: "qemu-block-curl-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-block-dmg-2.6.2-41.62.1.aarch64", product: { name: "qemu-block-dmg-2.6.2-41.62.1.aarch64", product_id: "qemu-block-dmg-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-block-iscsi-2.6.2-41.62.1.aarch64", product: { name: "qemu-block-iscsi-2.6.2-41.62.1.aarch64", product_id: "qemu-block-iscsi-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-block-rbd-2.6.2-41.62.1.aarch64", product: { name: "qemu-block-rbd-2.6.2-41.62.1.aarch64", product_id: "qemu-block-rbd-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-block-ssh-2.6.2-41.62.1.aarch64", product: { name: "qemu-block-ssh-2.6.2-41.62.1.aarch64", product_id: "qemu-block-ssh-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-extra-2.6.2-41.62.1.aarch64", product: { name: "qemu-extra-2.6.2-41.62.1.aarch64", product_id: "qemu-extra-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-guest-agent-2.6.2-41.62.1.aarch64", product: { name: "qemu-guest-agent-2.6.2-41.62.1.aarch64", product_id: "qemu-guest-agent-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-lang-2.6.2-41.62.1.aarch64", product: { name: "qemu-lang-2.6.2-41.62.1.aarch64", product_id: "qemu-lang-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-linux-user-2.6.2-41.62.1.aarch64", product: { name: "qemu-linux-user-2.6.2-41.62.1.aarch64", product_id: "qemu-linux-user-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-ppc-2.6.2-41.62.1.aarch64", product: { name: "qemu-ppc-2.6.2-41.62.1.aarch64", product_id: "qemu-ppc-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-s390-2.6.2-41.62.1.aarch64", product: { name: "qemu-s390-2.6.2-41.62.1.aarch64", product_id: "qemu-s390-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-testsuite-2.6.2-41.62.1.aarch64", product: { name: "qemu-testsuite-2.6.2-41.62.1.aarch64", product_id: "qemu-testsuite-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-tools-2.6.2-41.62.1.aarch64", product: { name: "qemu-tools-2.6.2-41.62.1.aarch64", product_id: "qemu-tools-2.6.2-41.62.1.aarch64", }, }, { category: "product_version", name: "qemu-x86-2.6.2-41.62.1.aarch64", product: { name: "qemu-x86-2.6.2-41.62.1.aarch64", product_id: "qemu-x86-2.6.2-41.62.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "qemu-2.6.2-41.62.1.i586", product: { name: "qemu-2.6.2-41.62.1.i586", product_id: "qemu-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-arm-2.6.2-41.62.1.i586", product: { name: "qemu-arm-2.6.2-41.62.1.i586", product_id: "qemu-arm-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-block-curl-2.6.2-41.62.1.i586", product: { name: "qemu-block-curl-2.6.2-41.62.1.i586", product_id: "qemu-block-curl-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-block-dmg-2.6.2-41.62.1.i586", product: { name: "qemu-block-dmg-2.6.2-41.62.1.i586", product_id: "qemu-block-dmg-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-block-iscsi-2.6.2-41.62.1.i586", product: { name: "qemu-block-iscsi-2.6.2-41.62.1.i586", product_id: "qemu-block-iscsi-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-block-ssh-2.6.2-41.62.1.i586", product: { name: "qemu-block-ssh-2.6.2-41.62.1.i586", product_id: "qemu-block-ssh-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-extra-2.6.2-41.62.1.i586", product: { name: "qemu-extra-2.6.2-41.62.1.i586", product_id: "qemu-extra-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-guest-agent-2.6.2-41.62.1.i586", product: { name: "qemu-guest-agent-2.6.2-41.62.1.i586", product_id: "qemu-guest-agent-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-kvm-2.6.2-41.62.1.i586", product: { name: "qemu-kvm-2.6.2-41.62.1.i586", product_id: "qemu-kvm-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-lang-2.6.2-41.62.1.i586", product: { name: "qemu-lang-2.6.2-41.62.1.i586", product_id: "qemu-lang-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-linux-user-2.6.2-41.62.1.i586", product: { name: "qemu-linux-user-2.6.2-41.62.1.i586", product_id: "qemu-linux-user-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-ppc-2.6.2-41.62.1.i586", product: { name: "qemu-ppc-2.6.2-41.62.1.i586", product_id: "qemu-ppc-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-s390-2.6.2-41.62.1.i586", product: { name: "qemu-s390-2.6.2-41.62.1.i586", product_id: "qemu-s390-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-testsuite-2.6.2-41.62.1.i586", product: { name: "qemu-testsuite-2.6.2-41.62.1.i586", product_id: "qemu-testsuite-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-tools-2.6.2-41.62.1.i586", product: { name: "qemu-tools-2.6.2-41.62.1.i586", product_id: "qemu-tools-2.6.2-41.62.1.i586", }, }, { category: "product_version", name: "qemu-x86-2.6.2-41.62.1.i586", product: { name: "qemu-x86-2.6.2-41.62.1.i586", product_id: "qemu-x86-2.6.2-41.62.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "qemu-ipxe-1.0.0-41.62.1.noarch", product: { name: "qemu-ipxe-1.0.0-41.62.1.noarch", product_id: "qemu-ipxe-1.0.0-41.62.1.noarch", }, }, { category: "product_version", name: "qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", product: { name: "qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", product_id: "qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", }, }, { category: "product_version", name: "qemu-sgabios-8-41.62.1.noarch", product: { name: "qemu-sgabios-8-41.62.1.noarch", product_id: "qemu-sgabios-8-41.62.1.noarch", }, }, { category: "product_version", name: "qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", product: { name: "qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", product_id: "qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "qemu-2.6.2-41.62.1.ppc64le", product: { name: "qemu-2.6.2-41.62.1.ppc64le", product_id: "qemu-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-arm-2.6.2-41.62.1.ppc64le", product: { name: "qemu-arm-2.6.2-41.62.1.ppc64le", product_id: "qemu-arm-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-block-curl-2.6.2-41.62.1.ppc64le", product: { name: "qemu-block-curl-2.6.2-41.62.1.ppc64le", product_id: "qemu-block-curl-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-block-dmg-2.6.2-41.62.1.ppc64le", product: { name: "qemu-block-dmg-2.6.2-41.62.1.ppc64le", product_id: "qemu-block-dmg-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-block-iscsi-2.6.2-41.62.1.ppc64le", product: { name: "qemu-block-iscsi-2.6.2-41.62.1.ppc64le", product_id: "qemu-block-iscsi-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-block-ssh-2.6.2-41.62.1.ppc64le", product: { name: "qemu-block-ssh-2.6.2-41.62.1.ppc64le", product_id: "qemu-block-ssh-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-extra-2.6.2-41.62.1.ppc64le", product: { name: "qemu-extra-2.6.2-41.62.1.ppc64le", product_id: "qemu-extra-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-guest-agent-2.6.2-41.62.1.ppc64le", product: { name: "qemu-guest-agent-2.6.2-41.62.1.ppc64le", product_id: "qemu-guest-agent-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-lang-2.6.2-41.62.1.ppc64le", product: { name: "qemu-lang-2.6.2-41.62.1.ppc64le", product_id: "qemu-lang-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-linux-user-2.6.2-41.62.1.ppc64le", product: { name: "qemu-linux-user-2.6.2-41.62.1.ppc64le", product_id: "qemu-linux-user-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-ppc-2.6.2-41.62.1.ppc64le", product: { name: "qemu-ppc-2.6.2-41.62.1.ppc64le", product_id: "qemu-ppc-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-s390-2.6.2-41.62.1.ppc64le", product: { name: "qemu-s390-2.6.2-41.62.1.ppc64le", product_id: "qemu-s390-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-testsuite-2.6.2-41.62.1.ppc64le", product: { name: "qemu-testsuite-2.6.2-41.62.1.ppc64le", product_id: "qemu-testsuite-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-tools-2.6.2-41.62.1.ppc64le", product: { name: "qemu-tools-2.6.2-41.62.1.ppc64le", product_id: "qemu-tools-2.6.2-41.62.1.ppc64le", }, }, { category: "product_version", name: "qemu-x86-2.6.2-41.62.1.ppc64le", product: { name: "qemu-x86-2.6.2-41.62.1.ppc64le", product_id: "qemu-x86-2.6.2-41.62.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "qemu-2.6.2-41.62.1.s390x", product: { name: "qemu-2.6.2-41.62.1.s390x", product_id: "qemu-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-arm-2.6.2-41.62.1.s390x", product: { name: "qemu-arm-2.6.2-41.62.1.s390x", product_id: "qemu-arm-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-block-curl-2.6.2-41.62.1.s390x", product: { name: "qemu-block-curl-2.6.2-41.62.1.s390x", product_id: "qemu-block-curl-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-block-dmg-2.6.2-41.62.1.s390x", product: { name: "qemu-block-dmg-2.6.2-41.62.1.s390x", product_id: "qemu-block-dmg-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-block-iscsi-2.6.2-41.62.1.s390x", product: { name: "qemu-block-iscsi-2.6.2-41.62.1.s390x", product_id: "qemu-block-iscsi-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-block-ssh-2.6.2-41.62.1.s390x", product: { name: "qemu-block-ssh-2.6.2-41.62.1.s390x", product_id: "qemu-block-ssh-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-extra-2.6.2-41.62.1.s390x", product: { name: "qemu-extra-2.6.2-41.62.1.s390x", product_id: "qemu-extra-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-guest-agent-2.6.2-41.62.1.s390x", product: { name: "qemu-guest-agent-2.6.2-41.62.1.s390x", product_id: "qemu-guest-agent-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-kvm-2.6.2-41.62.1.s390x", product: { name: "qemu-kvm-2.6.2-41.62.1.s390x", product_id: "qemu-kvm-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-lang-2.6.2-41.62.1.s390x", product: { name: "qemu-lang-2.6.2-41.62.1.s390x", product_id: "qemu-lang-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-linux-user-2.6.2-41.62.1.s390x", product: { name: "qemu-linux-user-2.6.2-41.62.1.s390x", product_id: "qemu-linux-user-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-ppc-2.6.2-41.62.1.s390x", product: { name: "qemu-ppc-2.6.2-41.62.1.s390x", product_id: "qemu-ppc-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-s390-2.6.2-41.62.1.s390x", product: { name: "qemu-s390-2.6.2-41.62.1.s390x", product_id: "qemu-s390-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-tools-2.6.2-41.62.1.s390x", product: { name: "qemu-tools-2.6.2-41.62.1.s390x", product_id: "qemu-tools-2.6.2-41.62.1.s390x", }, }, { category: "product_version", name: "qemu-x86-2.6.2-41.62.1.s390x", product: { name: "qemu-x86-2.6.2-41.62.1.s390x", product_id: "qemu-x86-2.6.2-41.62.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "qemu-2.6.2-41.62.1.x86_64", product: { name: "qemu-2.6.2-41.62.1.x86_64", product_id: "qemu-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-arm-2.6.2-41.62.1.x86_64", product: { name: "qemu-arm-2.6.2-41.62.1.x86_64", product_id: "qemu-arm-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-block-curl-2.6.2-41.62.1.x86_64", product: { name: "qemu-block-curl-2.6.2-41.62.1.x86_64", product_id: "qemu-block-curl-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-block-dmg-2.6.2-41.62.1.x86_64", product: { name: "qemu-block-dmg-2.6.2-41.62.1.x86_64", product_id: "qemu-block-dmg-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-block-iscsi-2.6.2-41.62.1.x86_64", product: { name: "qemu-block-iscsi-2.6.2-41.62.1.x86_64", product_id: "qemu-block-iscsi-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-block-rbd-2.6.2-41.62.1.x86_64", product: { name: "qemu-block-rbd-2.6.2-41.62.1.x86_64", product_id: "qemu-block-rbd-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-block-ssh-2.6.2-41.62.1.x86_64", product: { name: "qemu-block-ssh-2.6.2-41.62.1.x86_64", product_id: "qemu-block-ssh-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-extra-2.6.2-41.62.1.x86_64", product: { name: "qemu-extra-2.6.2-41.62.1.x86_64", product_id: "qemu-extra-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-guest-agent-2.6.2-41.62.1.x86_64", product: { name: "qemu-guest-agent-2.6.2-41.62.1.x86_64", product_id: "qemu-guest-agent-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-kvm-2.6.2-41.62.1.x86_64", product: { name: "qemu-kvm-2.6.2-41.62.1.x86_64", product_id: "qemu-kvm-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-lang-2.6.2-41.62.1.x86_64", product: { name: "qemu-lang-2.6.2-41.62.1.x86_64", product_id: "qemu-lang-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-linux-user-2.6.2-41.62.1.x86_64", product: { name: "qemu-linux-user-2.6.2-41.62.1.x86_64", product_id: "qemu-linux-user-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-ppc-2.6.2-41.62.1.x86_64", product: { name: "qemu-ppc-2.6.2-41.62.1.x86_64", product_id: "qemu-ppc-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-s390-2.6.2-41.62.1.x86_64", product: { name: "qemu-s390-2.6.2-41.62.1.x86_64", product_id: "qemu-s390-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-testsuite-2.6.2-41.62.1.x86_64", product: { name: "qemu-testsuite-2.6.2-41.62.1.x86_64", product_id: "qemu-testsuite-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-tools-2.6.2-41.62.1.x86_64", product: { name: "qemu-tools-2.6.2-41.62.1.x86_64", product_id: "qemu-tools-2.6.2-41.62.1.x86_64", }, }, { category: "product_version", name: "qemu-x86-2.6.2-41.62.1.x86_64", product: { name: "qemu-x86-2.6.2-41.62.1.x86_64", product_id: "qemu-x86-2.6.2-41.62.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "qemu-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-block-curl-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-block-curl-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-block-rbd-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-block-rbd-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-block-ssh-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-block-ssh-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-guest-agent-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-guest-agent-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-ipxe-1.0.0-41.62.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", }, product_reference: "qemu-ipxe-1.0.0-41.62.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-kvm-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-kvm-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-lang-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-lang-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", }, product_reference: "qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-sgabios-8-41.62.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", }, product_reference: "qemu-sgabios-8-41.62.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-tools-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-tools-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", }, product_reference: "qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "qemu-x86-2.6.2-41.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", }, product_reference: "qemu-x86-2.6.2-41.62.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, ], }, vulnerabilities: [ { cve: "CVE-2020-11947", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11947", }, ], notes: [ { category: "general", text: "iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11947", url: "https://www.suse.com/security/cve/CVE-2020-11947", }, { category: "external", summary: "SUSE Bug 1180523 for CVE-2020-11947", url: "https://bugzilla.suse.com/1180523", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-11947", }, { cve: "CVE-2020-12829", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-12829", }, ], notes: [ { category: "general", text: "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-12829", url: "https://www.suse.com/security/cve/CVE-2020-12829", }, { category: "external", summary: "SUSE Bug 1172385 for CVE-2020-12829", url: "https://bugzilla.suse.com/1172385", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-12829", }, { cve: "CVE-2020-13361", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13361", }, ], notes: [ { category: "general", text: "In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13361", url: "https://www.suse.com/security/cve/CVE-2020-13361", }, { category: "external", summary: "SUSE Bug 1172384 for CVE-2020-13361", url: "https://bugzilla.suse.com/1172384", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2020-13361", }, { cve: "CVE-2020-13362", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13362", }, ], notes: [ { category: "general", text: "In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13362", url: "https://www.suse.com/security/cve/CVE-2020-13362", }, { category: "external", summary: "SUSE Bug 1172383 for CVE-2020-13362", url: "https://bugzilla.suse.com/1172383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2020-13362", }, { cve: "CVE-2020-13659", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13659", }, ], notes: [ { category: "general", text: "address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13659", url: "https://www.suse.com/security/cve/CVE-2020-13659", }, { category: "external", summary: "SUSE Bug 1172386 for CVE-2020-13659", url: "https://bugzilla.suse.com/1172386", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-13659", }, { cve: "CVE-2020-13765", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13765", }, ], notes: [ { category: "general", text: "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13765", url: "https://www.suse.com/security/cve/CVE-2020-13765", }, { category: "external", summary: "SUSE Bug 1172478 for CVE-2020-13765", url: "https://bugzilla.suse.com/1172478", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "important", }, ], title: "CVE-2020-13765", }, { cve: "CVE-2020-14364", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14364", }, ], notes: [ { category: "general", text: "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14364", url: "https://www.suse.com/security/cve/CVE-2020-14364", }, { category: "external", summary: "SUSE Bug 1175441 for CVE-2020-14364", url: "https://bugzilla.suse.com/1175441", }, { category: "external", summary: "SUSE Bug 1175534 for CVE-2020-14364", url: "https://bugzilla.suse.com/1175534", }, { category: "external", summary: "SUSE Bug 1176494 for CVE-2020-14364", url: "https://bugzilla.suse.com/1176494", }, { category: "external", summary: "SUSE Bug 1177130 for CVE-2020-14364", url: "https://bugzilla.suse.com/1177130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-14364", }, { cve: "CVE-2020-15469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15469", }, ], notes: [ { category: "general", text: "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15469", url: "https://www.suse.com/security/cve/CVE-2020-15469", }, { category: "external", summary: "SUSE Bug 1173612 for CVE-2020-15469", url: "https://bugzilla.suse.com/1173612", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-15469", }, { cve: "CVE-2020-15863", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15863", }, ], notes: [ { category: "general", text: "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15863", url: "https://www.suse.com/security/cve/CVE-2020-15863", }, { category: "external", summary: "SUSE Bug 1174386 for CVE-2020-15863", url: "https://bugzilla.suse.com/1174386", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "important", }, ], title: "CVE-2020-15863", }, { cve: "CVE-2020-16092", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-16092", }, ], notes: [ { category: "general", text: "In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-16092", url: "https://www.suse.com/security/cve/CVE-2020-16092", }, { category: "external", summary: "SUSE Bug 1174641 for CVE-2020-16092", url: "https://bugzilla.suse.com/1174641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2020-16092", }, { cve: "CVE-2020-25084", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25084", }, ], notes: [ { category: "general", text: "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25084", url: "https://www.suse.com/security/cve/CVE-2020-25084", }, { category: "external", summary: "SUSE Bug 1176673 for CVE-2020-25084", url: "https://bugzilla.suse.com/1176673", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-25084", }, { cve: "CVE-2020-25624", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25624", }, ], notes: [ { category: "general", text: "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25624", url: "https://www.suse.com/security/cve/CVE-2020-25624", }, { category: "external", summary: "SUSE Bug 1176682 for CVE-2020-25624", url: "https://bugzilla.suse.com/1176682", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-25624", }, { cve: "CVE-2020-25625", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25625", }, ], notes: [ { category: "general", text: "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25625", url: "https://www.suse.com/security/cve/CVE-2020-25625", }, { category: "external", summary: "SUSE Bug 1176684 for CVE-2020-25625", url: "https://bugzilla.suse.com/1176684", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2020-25625", }, { cve: "CVE-2020-25723", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25723", }, ], notes: [ { category: "general", text: "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25723", url: "https://www.suse.com/security/cve/CVE-2020-25723", }, { category: "external", summary: "SUSE Bug 1178934 for CVE-2020-25723", url: "https://bugzilla.suse.com/1178934", }, { category: "external", summary: "SUSE Bug 1178935 for CVE-2020-25723", url: "https://bugzilla.suse.com/1178935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2020-25723", }, { cve: "CVE-2020-27617", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-27617", }, ], notes: [ { category: "general", text: "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-27617", url: "https://www.suse.com/security/cve/CVE-2020-27617", }, { category: "external", summary: "SUSE Bug 1178174 for CVE-2020-27617", url: "https://bugzilla.suse.com/1178174", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-27617", }, { cve: "CVE-2020-29130", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-29130", }, ], notes: [ { category: "general", text: "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-29130", url: "https://www.suse.com/security/cve/CVE-2020-29130", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2020-29130", url: "https://bugzilla.suse.com/1178658", }, { category: "external", summary: "SUSE Bug 1179467 for CVE-2020-29130", url: "https://bugzilla.suse.com/1179467", }, { category: "external", summary: "SUSE Bug 1179477 for CVE-2020-29130", url: "https://bugzilla.suse.com/1179477", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "moderate", }, ], title: "CVE-2020-29130", }, { cve: "CVE-2020-29443", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-29443", }, ], notes: [ { category: "general", text: "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-29443", url: "https://www.suse.com/security/cve/CVE-2020-29443", }, { category: "external", summary: "SUSE Bug 1181108 for CVE-2020-29443", url: "https://bugzilla.suse.com/1181108", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2020-29443", }, { cve: "CVE-2021-20181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20181", }, ], notes: [ { category: "general", text: "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20181", url: "https://www.suse.com/security/cve/CVE-2021-20181", }, { category: "external", summary: "SUSE Bug 1182137 for CVE-2021-20181", url: "https://bugzilla.suse.com/1182137", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "important", }, ], title: "CVE-2021-20181", }, { cve: "CVE-2021-20203", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20203", }, ], notes: [ { category: "general", text: "An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20203", url: "https://www.suse.com/security/cve/CVE-2021-20203", }, { category: "external", summary: "SUSE Bug 1181639 for CVE-2021-20203", url: "https://bugzilla.suse.com/1181639", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2021-20203", }, { cve: "CVE-2021-20257", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-20257", }, ], notes: [ { category: "general", text: "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-20257", url: "https://www.suse.com/security/cve/CVE-2021-20257", }, { category: "external", summary: "SUSE Bug 1182577 for CVE-2021-20257", url: "https://bugzilla.suse.com/1182577", }, { category: "external", summary: "SUSE Bug 1182846 for CVE-2021-20257", url: "https://bugzilla.suse.com/1182846", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2021-20257", }, { cve: "CVE-2021-3416", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3416", }, ], notes: [ { category: "general", text: "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3416", url: "https://www.suse.com/security/cve/CVE-2021-3416", }, { category: "external", summary: "SUSE Bug 1182968 for CVE-2021-3416", url: "https://bugzilla.suse.com/1182968", }, { category: "external", summary: "SUSE Bug 1186473 for CVE-2021-3416", url: "https://bugzilla.suse.com/1186473", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.62.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.62.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-04-22T16:07:10Z", details: "low", }, ], title: "CVE-2021-3416", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.