Lucene search

K
redhatRedHatRHSA-2022:0081
HistoryJan 11, 2022 - 9:12 a.m.

(RHSA-2022:0081) Low: virt:av and virt-devel:av security and bug fix update

2022-01-1109:12:04
access.redhat.com
44
rhsa-2022-0081
advanced virtualization
security fix
bug fix
kvm
qemu
cve-2021-3930
cve-2021-20257
bz#2025604
bz#2025609
cvss score

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

  • QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (CVE-2021-3930)

  • QEMU: net: e1000: infinite loop while processing transmit descriptors (CVE-2021-20257)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • migrate failed on no-socket protocol when open multifd (BZ#2025604)

  • qemu segfault after the 2rd postcopy live migration with vhost-user [rhel-av 8.5.0.z] (BZ#2025609)

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64leqemu-kvm-debugsource< 6.0.0-33.module+el8.5.0+13514+2c386966.1qemu-kvm-debugsource-6.0.0-33.module+el8.5.0+13514+2c386966.1.ppc64le.rpm
RedHatanyi686python3-libvirt< 7.6.0-1.module+el8.5.0+12098+85b3670bpython3-libvirt-7.6.0-1.module+el8.5.0+12098+85b3670b.i686.rpm
RedHatanyx86_64perl-sys-virt< 7.4.0-1.module+el8.5.0+11289+b29e262fperl-Sys-Virt-7.4.0-1.module+el8.5.0+11289+b29e262f.x86_64.rpm
RedHatanyx86_64qemu-kvm-block-ssh-debuginfo< 6.0.0-33.module+el8.5.0+13514+2c386966.1qemu-kvm-block-ssh-debuginfo-6.0.0-33.module+el8.5.0+13514+2c386966.1.x86_64.rpm
RedHatanyx86_64nbdkit< 1.24.0-1.module+el8.4.0+9341+96cf2672nbdkit-1.24.0-1.module+el8.4.0+9341+96cf2672.x86_64.rpm
RedHatanyppc64lelibvirt-daemon-driver-storage-rbd< 7.6.0-6.module+el8.5.0+13051+7ddbe958libvirt-daemon-driver-storage-rbd-7.6.0-6.module+el8.5.0+13051+7ddbe958.ppc64le.rpm
RedHatanyppc64leruby-hivex-debuginfo< 1.3.18-22.module+el8.5.0+12087+2208d04cruby-hivex-debuginfo-1.3.18-22.module+el8.5.0+12087+2208d04c.ppc64le.rpm
RedHatanyi686ocaml-hivex-devel< 1.3.18-22.module+el8.5.0+12087+2208d04cocaml-hivex-devel-1.3.18-22.module+el8.5.0+12087+2208d04c.i686.rpm
RedHatanyi686ocaml-hivex-debuginfo< 1.3.18-22.module+el8.5.0+12087+2208d04cocaml-hivex-debuginfo-1.3.18-22.module+el8.5.0+12087+2208d04c.i686.rpm
RedHatanyppc64lelibvirt-daemon-driver-network< 7.6.0-6.module+el8.5.0+13051+7ddbe958libvirt-daemon-driver-network-7.6.0-6.module+el8.5.0+13051+7ddbe958.ppc64le.rpm
Rows per page:
1-10 of 9241

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

14.2%