An update for qemu is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1662
Final 1.0 1.0 2022-05-20 Initial 2022-05-20 2022-05-20
openEuler SA Tool V1.0 2022-05-20

qemu security update

An update for qemu is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.

Security Fix(es):

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. (CVE-2021-4206)

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. (CVE-2021-4207)

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-20196)

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. (CVE-2022-26353)

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. (CVE-2022-26354)

An update for qemu is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

High
qemu

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1662
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4206
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4207
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20196
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26353
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26354
https://nvd.nist.gov/vuln/detail/CVE-2021-4206
https://nvd.nist.gov/vuln/detail/CVE-2021-4207
https://nvd.nist.gov/vuln/detail/CVE-2021-20196
https://nvd.nist.gov/vuln/detail/CVE-2022-26353
https://nvd.nist.gov/vuln/detail/CVE-2022-26354

openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS

qemu-4.1.0-63.oe1.aarch64.rpm qemu-block-curl-4.1.0-63.oe1.aarch64.rpm qemu-block-iscsi-4.1.0-63.oe1.aarch64.rpm qemu-block-rbd-4.1.0-63.oe1.aarch64.rpm qemu-block-ssh-4.1.0-63.oe1.aarch64.rpm qemu-debuginfo-4.1.0-63.oe1.aarch64.rpm qemu-debugsource-4.1.0-63.oe1.aarch64.rpm qemu-guest-agent-4.1.0-63.oe1.aarch64.rpm qemu-img-4.1.0-63.oe1.aarch64.rpm
qemu-4.1.0-67.oe1.aarch64.rpm qemu-block-curl-4.1.0-67.oe1.aarch64.rpm qemu-block-iscsi-4.1.0-67.oe1.aarch64.rpm qemu-block-rbd-4.1.0-67.oe1.aarch64.rpm qemu-block-ssh-4.1.0-67.oe1.aarch64.rpm qemu-debuginfo-4.1.0-67.oe1.aarch64.rpm qemu-debugsource-4.1.0-67.oe1.aarch64.rpm qemu-guest-agent-4.1.0-67.oe1.aarch64.rpm qemu-img-4.1.0-67.oe1.aarch64.rpm qemu-6.2.0-34.oe1.aarch64.rpm qemu-block-curl-6.2.0-34.oe1.aarch64.rpm qemu-block-iscsi-6.2.0-34.oe1.aarch64.rpm qemu-block-rbd-6.2.0-34.oe1.aarch64.rpm qemu-block-ssh-6.2.0-34.oe1.aarch64.rpm qemu-debuginfo-6.2.0-34.oe1.aarch64.rpm qemu-debugsource-6.2.0-34.oe1.aarch64.rpm qemu-guest-agent-6.2.0-34.oe1.aarch64.rpm qemu-img-6.2.0-34.oe1.aarch64.rpm qemu-hw-usb-host-6.2.0-34.oe2203.aarch64.rpm qemu-4.1.0-63.oe1.src.rpm qemu-4.1.0-67.oe1.src.rpm qemu-6.2.0-34.oe2203.src.rpm qemu-4.1.0-63.oe1.x86_64.rpm qemu-block-curl-4.1.0-63.oe1.x86_64.rpm qemu-block-iscsi-4.1.0-63.oe1.x86_64.rpm qemu-block-rbd-4.1.0-63.oe1.x86_64.rpm qemu-block-ssh-4.1.0-63.oe1.x86_64.rpm qemu-debuginfo-4.1.0-63.oe1.x86_64.rpm qemu-debugsource-4.1.0-63.oe1.x86_64.rpm qemu-guest-agent-4.1.0-63.oe1.x86_64.rpm qemu-img-4.1.0-63.oe1.x86_64.rpm qemu-seabios-4.1.0-63.oe1.x86_64.rpm qemu-4.1.0-67.oe1.x86_64.rpm qemu-block-curl-4.1.0-67.oe1.x86_64.rpm qemu-block-iscsi-4.1.0-67.oe1.x86_64.rpm qemu-block-rbd-4.1.0-67.oe1.x86_64.rpm qemu-block-ssh-4.1.0-67.oe1.x86_64.rpm qemu-debuginfo-4.1.0-67.oe1.x86_64.rpm qemu-debugsource-4.1.0-67.oe1.x86_64.rpm qemu-guest-agent-4.1.0-67.oe1.x86_64.rpm qemu-img-4.1.0-67.oe1.x86_64.rpm qemu-seabios-4.1.0-67.oe1.x86_64.rpm qemu-6.2.0-34.oe1.x86_64.rpm qemu-block-curl-6.2.0-34.oe1.x86_64.rpm qemu-block-iscsi-6.2.0-34.oe1.x86_64.rpm qemu-block-rbd-6.2.0-34.oe1.x86_64.rpm qemu-block-ssh-6.2.0-34.oe1.x86_64.rpm qemu-debuginfo-6.2.0-34.oe1.x86_64.rpm qemu-debugsource-6.2.0-34.oe1.x86_64.rpm qemu-guest-agent-6.2.0-34.oe1.x86_64.rpm qemu-img-6.2.0-34.oe1.x86_64.rpm qemu-hw-usb-host-6.2.0-34.oe2203.x86_64.rpm 
qemu-seabios-6.2.0-34.oe2203.x86_64.rpm qemu-help-4.1.0-63.oe1.noarch.rpm qemu-help-4.1.0-67.oe1.noarch.rpm qemu-help-6.2.0-34.oe2203.noarch.rpm

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
2022-05-20 CVE-2021-4206
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS
High 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
qemu security update 2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1662

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
2022-05-20 CVE-2021-4207
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS
High 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
qemu security update 2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1662

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
2022-05-20 CVE-2021-20196
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3
Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
qemu security update 2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1662

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
2022-05-20 CVE-2022-26353
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS
High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
qemu security update 2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1662

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
2022-05-20 CVE-2022-26354
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS
Low 3.2 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
qemu security update 2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1662