Oracle Linux: ELSA-2022-9172
Feb 25, 2022 - 12:00 a.m.

virt:kvm_utils security update

2022-02-25 00:00:00
linux.oracle.com

CVSS3: 8.5 High
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 6 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS: 0.004 Low
  Percentile: 72.7%

hivex
[1.3.18-21]

  • Bounds check for block exceeding page length (CVE-2021-3504)
    resolves: rhbz#1950501

libguestfs
[1.40.2-28.0.1]

  • Replace upstream references from description tag
  • Config supermin to use host yum.conf in ol8 [Orabug: 29319324]
  • Set DISTRO_ORACLE_LINUX corresponding to ol

[1:1.40.2-28]

  • daemon: lvm: Use lvcreate --yes to avoid interactive prompts
    resolves: rhbz#1933640

[1:1.40.2-27]

  • selinux-relabel does not work if SELINUXTYPE != targeted
  • tar-in command does not allow restoring file capabilities
    resolves: rhbz#1384241 rhbz#1828952

[1:1.40.2-26]

  • insufficient default memsize to open anaconda default RHEL 8.2 luks device
    resolves: rhbz#1837765

libnbd
[1.2.2]

  • Resolves: bz#1844296
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

libvirt
[5.7.0-32.el8]

  • qemu: Validate config->exadata before reaping guests (Wim ten Have) [Orabug: 33763967]
  • qemu: Make vNUMA/SMT pCPU packing L3-cache aware on AMD/E4 (Wim ten Have) [Orabug: 33268059]
  • qemu: work exadataConfig flags directly from the QEMUdriver structure (Wim ten Have) [Orabug: 33268059]
  • qemu: Label restore path outside of secdriver transactions (Michal Privoznik) [Orabug: 33351242]
  • security: Introduce virSecurityManagerDomainSetPathLabelRO (Michal Privoznik) [Orabug: 33351242]

libvirt-python
[5.7.0-1.el8]

  • libvirt-python.spec: Add a .spec file for libvirt-python

qemu-kvm
[4.2.1.15.el8]

  • qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340]
  • Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947}
  • hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196}
  • hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196}
  • net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203}
  • lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
  • pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
  • rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
  • tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
  • sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
  • dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
  • e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
  • net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
  • target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini)
  • target/i386: Observe XSAVE state area offsets (Paolo Bonzini)
  • target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini)
  • target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini)
  • target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini)
  • target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini)
  • target/i386: Declare constants for XSAVE offsets (Paolo Bonzini)

[4.2.1-14.el8]

  • scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443]
  • scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443]
  • scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443]
  • scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443]
  • scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443]
  • scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443]
  • scsi: drop ‘result’ argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443]
  • scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443]
  • scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443]
  • scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443]
  • scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443]
  • scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443]
  • scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443]

[4.2.1-13.el8]

  • pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532]

[4.2.1-12.1.el8]

  • Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
  • hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson)
  • pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706]
  • pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706]
  • pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706]
  • pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706]
  • pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706]
  • pci: implement power state (Gerd Hoffmann) [Orabug: 33450706]
  • hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706]
  • hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706]
  • hw/pci/pcie: Forbid hot-plug if it’s disabled on the slot (Julia Suvorova) [Orabug: 33450706]
  • pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706]
  • qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706]
  • i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard)
  • uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713}
  • usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682}
  • hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930}
  • e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257}
  • virtio-net-pci: Don’t use ‘efi-virtio.rom’ on AArch64 (Mark Kanda) [Orabug: 33537594]
  • MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng)
  • target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng)
  • ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng)
  • KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng)
  • ACPI: Record the Generic Error Status Block address (Dongjiu Geng)
  • ACPI: Build Hardware Error Source Table (Dongjiu Geng)
  • ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng)
  • docs: APEI GHES generation and CPER record description (Dongjiu Geng)
  • hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng)
  • acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng)
  • block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589]
  • block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589]

[4.2.1-11.el8]

  • trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428]

[4.2.1-11.el8]

  • pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608}
  • pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607}
  • hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582}
  • vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
  • vhost-user-gpu: fix OOB write in ‘virgl_cmd_get_capset’ (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
  • vhost-user-gpu: fix memory leak in ‘virgl_resource_attach_backing’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory leak in ‘virgl_cmd_resource_unref’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory leak while calling ‘vg_resource_unref’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix resource leak in ‘vg_resource_create_2d’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545}
  • usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
  • usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
  • mptsas: Remove unused MPTSASState ‘pending’ field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392}
  • oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402]
  • oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402]
