Main Vulnerability Database SB2023032332

SB2023032332 - SUSE update for qemu

Published: March 23, 2023

Security Bulletin ID SB2023032332

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2022-4144)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a malicious guest user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the qxl_phys2virt() function in the QXL display device emulation in QEMU. A malicious guest user can trigger an out-of-bounds read error and crash the QEMU process on the host

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20230877-1/

Vulnerable Software

SUSE Linux Enterprise High Performance Computing 15: SP1
SUSE Linux Enterprise Server 15: SP1
SUSE Linux Enterprise Server for SAP Applications 15: SP1
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
qemu-ipxe: before 1.0.0+-150100.80.46.1
qemu-vgabios: before 1.12.0_0_ga698c89-150100.80.46.1
qemu-seabios: before 1.12.0_0_ga698c89-150100.80.46.1
qemu-audio-pa-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-kvm: before 3.1.1.1-150100.80.46.1
qemu-ui-curses-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-ui-curses: before 3.1.1.1-150100.80.46.1
qemu-x86-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-audio-oss: before 3.1.1.1-150100.80.46.1
qemu-ui-gtk: before 3.1.1.1-150100.80.46.1
qemu-audio-oss-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-block-iscsi-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-x86: before 3.1.1.1-150100.80.46.1
qemu-audio-alsa-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-audio-alsa: before 3.1.1.1-150100.80.46.1
qemu-audio-pa: before 3.1.1.1-150100.80.46.1
qemu-ui-gtk-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-ppc-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-ppc: before 3.1.1.1-150100.80.46.1
qemu-s390-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-s390: before 3.1.1.1-150100.80.46.1
qemu-guest-agent: before 3.1.1.1-150100.80.46.1
qemu-block-curl: before 3.1.1.1-150100.80.46.1
qemu-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-debugsource: before 3.1.1.1-150100.80.46.1
qemu-tools-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-block-ssh: before 3.1.1.1-150100.80.46.1
qemu: before 3.1.1.1-150100.80.46.1
qemu-tools: before 3.1.1.1-150100.80.46.1
qemu-guest-agent-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-block-iscsi: before 3.1.1.1-150100.80.46.1
qemu-block-rbd-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-block-ssh-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-lang: before 3.1.1.1-150100.80.46.1
qemu-block-rbd: before 3.1.1.1-150100.80.46.1
qemu-block-curl-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-arm: before 3.1.1.1-150100.80.46.1
qemu-arm-debuginfo: before 3.1.1.1-150100.80.46.1
qemu-sgabios: before 8-150100.80.46.1

SB2023032332 - SUSE update for qemu

Breakdown by Severity

Description

Remediation

References

Please verify you're human