jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2022/cvrf-openEuler-SA-2022-1679.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

166 lines
16 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-1679</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-05-28</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-05-28</InitialReleaseDate>
<CurrentReleaseDate>2022-05-28</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-05-28</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">qemu security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.
Security Fix(es):
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller&apos;s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.(CVE-2021-3750)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for qemu is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">qemu</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1679</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3750</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3750</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="qemu-block-rbd-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-rbd-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-iscsi-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-iscsi-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-guest-agent-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-guest-agent-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-debugsource-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debugsource-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-curl-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-curl-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-debuginfo-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debuginfo-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-ssh-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-ssh-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-img-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-img-4.1.0-64.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-debugsource-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-debugsource-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-iscsi-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-iscsi-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-ssh-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-ssh-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-debuginfo-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-debuginfo-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-img-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-img-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-guest-agent-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-guest-agent-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-rbd-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-rbd-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-curl-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-curl-4.1.0-68.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-img-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-img-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-ssh-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-ssh-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-debuginfo-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-debuginfo-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-hw-usb-host-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-hw-usb-host-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-iscsi-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-iscsi-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-curl-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-curl-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-guest-agent-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-guest-agent-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-rbd-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-rbd-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="qemu-debugsource-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-debugsource-6.2.0-35.oe2203.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="qemu-help-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-help-4.1.0-64.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="qemu-help-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-help-4.1.0-68.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="qemu-help-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-help-6.2.0-35.oe2203.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="qemu-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-4.1.0-64.oe1.src.rpm</FullProductName>
<FullProductName ProductID="qemu-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-4.1.0-68.oe1.src.rpm</FullProductName>
<FullProductName ProductID="qemu-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-6.2.0-35.oe2203.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="qemu-img-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-img-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-debuginfo-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debuginfo-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-iscsi-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-iscsi-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-debugsource-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debugsource-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-guest-agent-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-guest-agent-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-curl-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-curl-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-seabios-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-seabios-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-rbd-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-rbd-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-ssh-4.1.0-64" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-ssh-4.1.0-64.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-seabios-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-seabios-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-img-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-img-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-debuginfo-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-debuginfo-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-guest-agent-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-guest-agent-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-debugsource-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-debugsource-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-ssh-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-ssh-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-rbd-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-rbd-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-iscsi-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-iscsi-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-curl-4.1.0-68" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">qemu-block-curl-4.1.0-68.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-img-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-img-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-ssh-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-ssh-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-debuginfo-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-debuginfo-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-hw-usb-host-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-hw-usb-host-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-iscsi-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-iscsi-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-curl-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-curl-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-guest-agent-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-guest-agent-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-block-rbd-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-block-rbd-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-debugsource-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-debugsource-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="qemu-seabios-6.2.0-35" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">qemu-seabios-6.2.0-35.oe2203.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.</Note>
</Notes>
<ReleaseDate>2022-05-28</ReleaseDate>
<CVE>CVE-2021-3750</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>8.2</BaseScore>
<Vector>AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>qemu security update</Description>
<DATE>2022-05-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1679</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink