184 lines
11 KiB
XML
184 lines
11 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
|
<DocumentTitle xml:lang="en">An update for qemu is now available for openEuler-20.03-LTS-SP1</DocumentTitle>
|
|
<DocumentType>Security Advisory</DocumentType>
|
|
<DocumentPublisher Type="Vendor">
|
|
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
|
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
|
</DocumentPublisher>
|
|
<DocumentTracking>
|
|
<Identification>
|
|
<ID>openEuler-SA-2021-1227</ID>
|
|
</Identification>
|
|
<Status>Final</Status>
|
|
<Version>1.0</Version>
|
|
<RevisionHistory>
|
|
<Revision>
|
|
<Number>1.0</Number>
|
|
<Date>2021-06-22</Date>
|
|
<Description>Initial</Description>
|
|
</Revision>
|
|
</RevisionHistory>
|
|
<InitialReleaseDate>2021-06-22</InitialReleaseDate>
|
|
<CurrentReleaseDate>2021-06-22</CurrentReleaseDate>
|
|
<Generator>
|
|
<Engine>openEuler SA Tool V1.0</Engine>
|
|
<Date>2021-06-22</Date>
|
|
</Generator>
|
|
</DocumentTracking>
|
|
<DocumentNotes>
|
|
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">qemu security update</Note>
|
|
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for qemu is now available for openEuler-20.03-LTS-SP1.</Note>
|
|
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.
|
|
|
|
Security Fix(es):
|
|
|
|
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3546)
|
|
|
|
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.(CVE-2021-3545)
|
|
|
|
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.(CVE-2021-3544)</Note>
|
|
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for qemu is now available for openEuler-20.03-LTS-SP1.
|
|
|
|
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
|
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
|
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">qemu</Note>
|
|
</DocumentNotes>
|
|
<DocumentReferences>
|
|
<Reference Type="Self">
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1227</URL>
|
|
</Reference>
|
|
<Reference Type="openEuler CVE">
|
|
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-3546</URL>
|
|
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-3545</URL>
|
|
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-3544</URL>
|
|
</Reference>
|
|
<Reference Type="Other">
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3546</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3545</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3544</URL>
|
|
</Reference>
|
|
</DocumentReferences>
|
|
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
|
<Branch Type="Product Name" Name="openEuler">
|
|
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="aarch64">
|
|
<FullProductName ProductID="qemu-guest-agent-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-guest-agent-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-debuginfo-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debuginfo-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-img-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-img-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-block-ssh-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-ssh-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-block-rbd-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-rbd-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-block-iscsi-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-iscsi-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-debugsource-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debugsource-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-4.1.0-48.oe1.aarch64.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="noarch">
|
|
<FullProductName ProductID="qemu-help-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-help-4.1.0-48.oe1.noarch.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="src">
|
|
<FullProductName ProductID="qemu-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-4.1.0-48.oe1.src.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="x86_64">
|
|
<FullProductName ProductID="qemu-seabios-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-seabios-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-debuginfo-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debuginfo-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-block-ssh-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-ssh-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-guest-agent-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-guest-agent-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-img-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-img-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-debugsource-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-debugsource-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-block-rbd-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-rbd-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="qemu-block-iscsi-4.1.0-48" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">qemu-block-iscsi-4.1.0-48.oe1.x86_64.rpm</FullProductName>
|
|
</Branch>
|
|
</ProductTree>
|
|
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2021-06-22</ReleaseDate>
|
|
<CVE>CVE-2021-3546</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>8.8</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>qemu security update</Description>
|
|
<DATE>2021-06-22</DATE>
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1227</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2021-06-22</ReleaseDate>
|
|
<CVE>CVE-2021-3545</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>Medium</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>6.5</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>qemu security update</Description>
|
|
<DATE>2021-06-22</DATE>
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1227</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2021-06-22</ReleaseDate>
|
|
<CVE>CVE-2021-3544</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>Medium</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>6.5</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>qemu security update</Description>
|
|
<DATE>2021-06-22</DATE>
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1227</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
</cvrfdoc> |