Lucene search

K
oraclelinuxOracleLinuxELSA-2021-9034
HistoryFeb 08, 2021 - 12:00 a.m.

qemu security update

2021-02-0800:00:00
linux.oracle.com
176

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

[15:4.2.1-4.el7]

  • Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723}
  • hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}
  • i386: Add 2nd Generation AMD EPYC processors (Moger, Babu) [Orabug: 32217570]
  • libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}
  • Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} {CVE-2020-25625}
  • pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853]
  • ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}
  • Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658]
  • Add qemu_regdump sosreport plugin support for ‘-mon’ QMP sockets (Mark Kanda)
  • migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng)
  • migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng)
  • migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng)
  • migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng)
  • migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng)
  • migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng)
  • migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng)
  • migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng)
  • migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng)
  • migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng)
  • migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng)
  • migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng)
  • migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng)
  • migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng)
  • ram_addr: Split RAMBlock definition (Juan Quintela)
    [15:4.2.1-3.el7]
  • qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789]
  • qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763]
  • hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
  • hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
  • hw: ehci: check return value of ‘usb_packet_map’ (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
  • hw: xhci: check return value of ‘usb_packet_map’ (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
  • qemu.spec: Enable ‘-Werror’ for OL7 builds (Mark Kanda) [Orabug: 31922718]
  • usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364}
  • Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415}
    [15:4.2.1-2.el7]
  • hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863}
  • hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092}
  • migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256]
  • virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255]
  • pvpanic: implement crashloaded event handling (Zhenwei Pi) [Orabug: 31677154]
  • pvpanic: introduce crashloaded for pvpanic (Zhenwei Pi) [Orabug: 31677154]
    [15:4.2.1-1.el7]
  • hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
  • hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336]
  • hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
  • hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336]
  • hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336]
  • libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756}
  • Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608}
  • Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824}
  • qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035]
  • qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035]
  • qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035]
  • vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035]
  • parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035]
  • virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035]
  • qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035]
  • qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035]
  • bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035]
  • kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035]
  • 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035]
  • exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659}
  • megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362}
  • memory: Revert ‘memory: accept mismatching sizes in memory_region_access_valid’ (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791}
    [15:4.1.1-3.el7]
  • buildrpm/spec files: Dont package elf2dmp (Karl Heubaum) [Orabug: 31657424]
  • qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424]
  • qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424]
    [15:4.1.1-2.el7]
  • Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765}
  • kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399]
  • kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399]
  • target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710]
  • target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710]
  • ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800}
  • es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361}
  • ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869}
  • libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983}
  • Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034}
  • libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608}
  • target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041]
  • qemu-img: Add --target-is-zero to convert (David Edmondson)
  • vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382}
  • iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711}
  • qemu.spec: Remove ‘BuildRequires: kernel’ (Karl Heubaum) [Orabug: 31124047]
    [15:4.1.1-1.el7]
  • qemu-submodule-init: Add Git submodule init script

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C