Vulnerability from csaf_suse
Published
2021-04-20 12:35
Modified
2021-04-20 12:35
Summary
Security update for kvm
Notes
Title of the patch
Security update for kvm
Description of the patch
This update for kvm fixes the following issues:
- Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in USB xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in USB ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in USB hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in USB hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix OOB access in ATAPI emulation (CVE-2020-29443, bsc#1181108)
- Fix DoS in e1000 emulated device (CVE-2021-20257, bsc#1182577)
- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix package scripts to not use hard-coded paths for temporary working directories and log files (bsc#1182425)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
Patchnames
slessp4-kvm-14704
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for kvm", "title": "Title of the patch" }, { "category": "description", "text": "This update for kvm fixes the following issues:\n\n- Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385)\n- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)\n- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)\n- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)\n- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)\n- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)\n- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)\n- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)\n- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)\n- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)\n- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)\n- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)\n", "title": "Description of the patch" }, { "category": "details", "text": "slessp4-kvm-14704", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } 
], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14704-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2021:14704-1", "url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114704-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2021:14704-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008660.html" }, { "category": "self", "summary": "SUSE Bug 1172383", "url": "https://bugzilla.suse.com/1172383" }, { "category": "self", "summary": "SUSE Bug 1172384", "url": "https://bugzilla.suse.com/1172384" }, { "category": "self", "summary": "SUSE Bug 1172385", "url": "https://bugzilla.suse.com/1172385" }, { "category": "self", "summary": "SUSE Bug 1172478", "url": "https://bugzilla.suse.com/1172478" }, { "category": "self", "summary": "SUSE Bug 1175441", "url": "https://bugzilla.suse.com/1175441" }, { "category": "self", "summary": "SUSE Bug 1176673", "url": "https://bugzilla.suse.com/1176673" }, { "category": "self", "summary": "SUSE Bug 1176682", "url": "https://bugzilla.suse.com/1176682" }, { "category": "self", "summary": "SUSE Bug 1176684", "url": "https://bugzilla.suse.com/1176684" }, { "category": "self", "summary": "SUSE Bug 1178934", "url": "https://bugzilla.suse.com/1178934" }, { "category": "self", "summary": "SUSE Bug 1179467", "url": "https://bugzilla.suse.com/1179467" }, { "category": "self", "summary": "SUSE Bug 1181108", "url": "https://bugzilla.suse.com/1181108" }, { "category": "self", "summary": "SUSE Bug 1182137", "url": "https://bugzilla.suse.com/1182137" }, { "category": "self", "summary": 
"SUSE Bug 1182425", "url": "https://bugzilla.suse.com/1182425" }, { "category": "self", "summary": "SUSE Bug 1182577", "url": "https://bugzilla.suse.com/1182577" }, { "category": "self", "summary": "SUSE CVE CVE-2014-3689 page", "url": "https://www.suse.com/security/cve/CVE-2014-3689/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-1779 page", "url": "https://www.suse.com/security/cve/CVE-2015-1779/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-12829 page", "url": "https://www.suse.com/security/cve/CVE-2020-12829/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-13361 page", "url": "https://www.suse.com/security/cve/CVE-2020-13361/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-13362 page", "url": "https://www.suse.com/security/cve/CVE-2020-13362/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-13765 page", "url": "https://www.suse.com/security/cve/CVE-2020-13765/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-14364 page", "url": "https://www.suse.com/security/cve/CVE-2020-14364/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-25084 page", "url": "https://www.suse.com/security/cve/CVE-2020-25084/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-25624 page", "url": "https://www.suse.com/security/cve/CVE-2020-25624/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-25625 page", "url": "https://www.suse.com/security/cve/CVE-2020-25625/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-25723 page", "url": "https://www.suse.com/security/cve/CVE-2020-25723/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-29130 page", "url": "https://www.suse.com/security/cve/CVE-2020-29130/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-29443 page", "url": "https://www.suse.com/security/cve/CVE-2020-29443/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-20181 page", "url": "https://www.suse.com/security/cve/CVE-2021-20181/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-20257 
page", "url": "https://www.suse.com/security/cve/CVE-2021-20257/" } ], "title": "Security update for kvm", "tracking": { "current_release_date": "2021-04-20T12:35:06Z", "generator": { "date": "2021-04-20T12:35:06Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2021:14704-1", "initial_release_date": "2021-04-20T12:35:06Z", "revision_history": [ { "date": "2021-04-20T12:35:06Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kvm-1.4.2-60.34.1.i586", "product": { "name": "kvm-1.4.2-60.34.1.i586", "product_id": "kvm-1.4.2-60.34.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "kvm-1.4.2-60.34.1.s390x", "product": { "name": "kvm-1.4.2-60.34.1.s390x", "product_id": "kvm-1.4.2-60.34.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kvm-1.4.2-60.34.1.x86_64", "product": { "name": "kvm-1.4.2-60.34.1.x86_64", "product_id": "kvm-1.4.2-60.34.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kvm-1.4.2-60.34.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586" }, "product_reference": "kvm-1.4.2-60.34.1.i586", "relates_to_product_reference": "SUSE 
Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-1.4.2-60.34.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x" }, "product_reference": "kvm-1.4.2-60.34.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-1.4.2-60.34.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" }, "product_reference": "kvm-1.4.2-60.34.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-3689", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-3689" } ], "notes": [ { "category": "general", "text": "The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-3689", "url": "https://www.suse.com/security/cve/CVE-2014-3689" }, { "category": "external", "summary": "SUSE Bug 1072223 for CVE-2014-3689", "url": "https://bugzilla.suse.com/1072223" }, { "category": "external", "summary": "SUSE Bug 1189862 for CVE-2014-3689", "url": "https://bugzilla.suse.com/1189862" }, { "category": "external", "summary": "SUSE Bug 901508 for CVE-2014-3689", "url": "https://bugzilla.suse.com/901508" }, { "category": "external", "summary": "SUSE Bug 962611 for 
CVE-2014-3689", "url": "https://bugzilla.suse.com/962611" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "important" } ], "title": "CVE-2014-3689" }, { "cve": "CVE-2015-1779", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-1779" } ], "notes": [ { "category": "general", "text": "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-1779", "url": "https://www.suse.com/security/cve/CVE-2015-1779" }, { "category": "external", "summary": "SUSE Bug 924018 for CVE-2015-1779", "url": "https://bugzilla.suse.com/924018" }, { "category": "external", "summary": "SUSE Bug 962632 for CVE-2015-1779", "url": "https://bugzilla.suse.com/962632" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 
SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "moderate" } ], "title": "CVE-2015-1779" }, { "cve": "CVE-2020-12829", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-12829" } ], "notes": [ { "category": "general", "text": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-12829", "url": "https://www.suse.com/security/cve/CVE-2020-12829" }, { "category": "external", "summary": "SUSE Bug 1172385 for CVE-2020-12829", "url": "https://bugzilla.suse.com/1172385" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise 
Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "moderate" } ], "title": "CVE-2020-12829" }, { "cve": "CVE-2020-13361", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-13361" } ], "notes": [ { "category": "general", "text": "In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-13361", "url": "https://www.suse.com/security/cve/CVE-2020-13361" }, { "category": "external", "summary": "SUSE Bug 1172384 for CVE-2020-13361", "url": "https://bugzilla.suse.com/1172384" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.9, "baseSeverity": "LOW", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "low" } ], "title": "CVE-2020-13361" }, { "cve": "CVE-2020-13362", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-13362" } ], "notes": [ { "category": "general", "text": "In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-13362", "url": "https://www.suse.com/security/cve/CVE-2020-13362" }, { "category": "external", "summary": "SUSE Bug 1172383 for CVE-2020-13362", "url": "https://bugzilla.suse.com/1172383" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", 
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "low" } ], "title": "CVE-2020-13362" }, { "cve": "CVE-2020-13765", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-13765" } ], "notes": [ { "category": "general", "text": "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-13765", "url": "https://www.suse.com/security/cve/CVE-2020-13765" }, { "category": "external", "summary": "SUSE Bug 1172478 for CVE-2020-13765", "url": "https://bugzilla.suse.com/1172478" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "important" } ], "title": 
"CVE-2020-13765" }, { "cve": "CVE-2020-14364", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-14364" } ], "notes": [ { "category": "general", "text": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice \u0027setup_len\u0027 exceeds its \u0027data_buf[4096]\u0027 in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-14364", "url": "https://www.suse.com/security/cve/CVE-2020-14364" }, { "category": "external", "summary": "SUSE Bug 1175441 for CVE-2020-14364", "url": "https://bugzilla.suse.com/1175441" }, { "category": "external", "summary": "SUSE Bug 1175534 for CVE-2020-14364", "url": "https://bugzilla.suse.com/1175534" }, { "category": "external", "summary": "SUSE Bug 1176494 for CVE-2020-14364", "url": "https://bugzilla.suse.com/1176494" }, { "category": "external", "summary": "SUSE Bug 1177130 for CVE-2020-14364", "url": "https://bugzilla.suse.com/1177130" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "moderate" } ], "title": "CVE-2020-14364" }, { "cve": "CVE-2020-25084", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-25084" } ], "notes": [ { "category": "general", "text": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-25084", "url": "https://www.suse.com/security/cve/CVE-2020-25084" }, { "category": "external", "summary": "SUSE Bug 1176673 for CVE-2020-25084", "url": "https://bugzilla.suse.com/1176673" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise 
Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "moderate" } ], "title": "CVE-2020-25084" }, { "cve": "CVE-2020-25624", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-25624" } ], "notes": [ { "category": "general", "text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-25624", "url": "https://www.suse.com/security/cve/CVE-2020-25624" }, { "category": "external", "summary": "SUSE Bug 1176682 for CVE-2020-25624", "url": "https://bugzilla.suse.com/1176682" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "moderate" } ], "title": "CVE-2020-25624" }, { 
"cve": "CVE-2020-25625", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-25625" } ], "notes": [ { "category": "general", "text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-25625", "url": "https://www.suse.com/security/cve/CVE-2020-25625" }, { "category": "external", "summary": "SUSE Bug 1176684 for CVE-2020-25625", "url": "https://bugzilla.suse.com/1176684" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "low" } ], "title": "CVE-2020-25625" }, { "cve": "CVE-2020-25723", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-25723" } ], "notes": [ { "category": "general", "text": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. 
It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-25723", "url": "https://www.suse.com/security/cve/CVE-2020-25723" }, { "category": "external", "summary": "SUSE Bug 1178934 for CVE-2020-25723", "url": "https://bugzilla.suse.com/1178934" }, { "category": "external", "summary": "SUSE Bug 1178935 for CVE-2020-25723", "url": "https://bugzilla.suse.com/1178935" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "low" } ], "title": "CVE-2020-25723" }, { "cve": "CVE-2020-29130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-29130" } ], "notes": [ { "category": 
"general", "text": "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-29130", "url": "https://www.suse.com/security/cve/CVE-2020-29130" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2020-29130", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1179467 for CVE-2020-29130", "url": "https://bugzilla.suse.com/1179467" }, { "category": "external", "summary": "SUSE Bug 1179477 for CVE-2020-29130", "url": "https://bugzilla.suse.com/1179477" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "moderate" } ], "title": "CVE-2020-29130" }, { "cve": "CVE-2020-29443", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2020-29443" } ], "notes": [ { "category": "general", "text": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-29443", "url": "https://www.suse.com/security/cve/CVE-2020-29443" }, { "category": "external", "summary": "SUSE Bug 1181108 for CVE-2020-29443", "url": "https://bugzilla.suse.com/1181108" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "low" } ], "title": "CVE-2020-29443" }, { "cve": "CVE-2021-20181", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-20181" } ], "notes": [ { "category": "general", "text": "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. 
This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-20181", "url": "https://www.suse.com/security/cve/CVE-2021-20181" }, { "category": "external", "summary": "SUSE Bug 1182137 for CVE-2021-20181", "url": "https://bugzilla.suse.com/1182137" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "important" } ], "title": "CVE-2021-20181" }, { "cve": "CVE-2021-20257", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-20257" } ], "notes": [ { "category": "general", "text": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. 
This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-20257", "url": "https://www.suse.com/security/cve/CVE-2021-20257" }, { "category": "external", "summary": "SUSE Bug 1182577 for CVE-2021-20257", "url": "https://bugzilla.suse.com/1182577" }, { "category": "external", "summary": "SUSE Bug 1182846 for CVE-2021-20257", "url": "https://bugzilla.suse.com/1182846" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.s390x", "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.34.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-04-20T12:35:06Z", "details": "low" } ], "title": "CVE-2021-20257" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.