Univention Bugzilla – Bug 53054
qemu: Multiple issues (4.4)
Last modified: 2021-04-14 12:06:20 CEST
New Debian qemu 1:2.8+dfsg-6+deb9u14A~4.4.7.202104120844 fixes:

This update addresses the following issues:
* heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c (CVE-2020-17380)
* scsi: mptsas: use-after-free while processing io requests (CVE-2021-3392)
* sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085 (CVE-2021-3409)
* net: infinite loop in loopback mode may lead to stack overflow (CVE-2021-3416)
* Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c (CVE-2021-20203)
* net: eepro100: stack overflow via infinite recursion (CVE-2021-20255)
* net: e1000: infinite loop while processing transmit descriptors (CVE-2021-20257)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/qemu_2.8+dfsg-6+deb9u13A~4.4.7.202102220936.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/qemu_2.8+dfsg-6+deb9u14A~4.4.7.202104120844.dsc @@ -1,4 +1,4 @@ -1:2.8+dfsg-6+deb9u13A~4.4.7.202102220936 [Mon, 22 Feb 2021 10:03:20 +0100] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u14A~4.4.7.202104120844 [Mon, 12 Apr 2021 08:49:29 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Disable-Xen-for-UCS 
@@ -12,6 +12,42 @@ 1006-0007-Bug-38877-fix-qemu-kvm-1.1-piix4_pm-incompatibi 1007-0008-x86-Work-around-SMI-migration-breakages 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC + +1:2.8+dfsg-6+deb9u14 [Sat, 10 Apr 2021 16:38:50 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2021-20257: + net: e1000: infinite loop while processing transmit descriptors + * Fix CVE-2021-20255: + A stack overflow via an infinite recursion vulnerability was found in the + eepro100 i8255x device emulator of QEMU. This issue occurs while processing + controller commands due to a DMA reentry issue. This flaw allows a guest + user or process to consume CPU cycles or crash the QEMU process on the + host, resulting in a denial of service. + * Fix CVE-2021-20203: + An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU + for versions up to v5.2.0. It may occur if a guest was to supply invalid + values for rx/tx queue size or other NIC parameters. A privileged guest + user may use this flaw to crash the QEMU process on the host resulting in + DoS scenario. + * Fix CVE-2021-3416: + A potential stack overflow via infinite loop issue was found in various NIC + emulators of QEMU in versions up to and including 5.2.0. The issue occurs + in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A + guest user/process may use this flaw to consume CPU cycles or crash the + QEMU process on the host resulting in DoS scenario. + * Fix CVE-2021-3409/CVE-2020-17380: + The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, + thus making QEMU vulnerable to the out-of-bounds read/write access issues + previously found in the SDHCI controller emulation code. This flaw allows a + malicious privileged guest to crash the QEMU process on the host, resulting + in a denial of service or potential code execution. + * Fix CVE-2021-3392: + A use-after-free flaw was found in the MegaRAID emulator of QEMU. 
This issue + occurs while processing SCSI I/O requests in the case of an error + mptsas_free_request() that does not dequeue the request object 'req' from + a pending requests queue. This flaw allows a privileged guest user to + crash the QEMU process on the host, resulting in a denial of service. 1:2.8+dfsg-6+deb9u13 [Fri, 12 Feb 2021 14:11:25 +0100] Sylvain Beucler <beuc@debian.org>: <http://piuparts.knut.univention.de/4.4-7/#5105366278897184371>
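Review bot: The changelog entry for CVE-2021-3392 in the second hunk attributes the use-after-free to "the MegaRAID emulator of QEMU", yet the same entry names mptsas_free_request() as the function that fails to dequeue 'req', and the bug summary lists the issue as "scsi: mptsas: use-after-free while processing io requests". The device model affected is the mptsas emulation, not MegaRAID, so the entry should read "A use-after-free flaw was found in the mptsas emulator of QEMU" to avoid sending maintainers to the wrong SCSI controller model when they verify the fix.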
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] df4a1a5a6f Bug #53054: qemu 1:2.8+dfsg-6+deb9u14A~4.4.7.202104120844
 doc/errata/staging/qemu.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

[4.4-7] e92bca1fd6 Bug #53054: qemu 1:2.8+dfsg-6+deb9u14A~4.4.7.202104120844
 doc/errata/staging/qemu.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x952>