Lucene search

K
redhatRedHatRHSA-2022:5821
HistoryAug 02, 2022 - 7:04 a.m.

(RHSA-2022:5821) Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

2022-08-0207:04:52
access.redhat.com
89
kvm
virt:rhel
security update
bug fix
enhancement
cve-2021-4206
cve-2021-4207
cve-2022-26353
cve-2022-26354
rhel 9.0
vsock device migration
qemu-kvm binary
cpu-baseline
virt-v2v
memory prealloc

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.005

Percentile

77.4%

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow (CVE-2021-4206)

  • QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow (CVE-2021-4207)

  • QEMU: virtio-net: map leaking on error during receive (CVE-2022-26353)

  • QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak (CVE-2022-26354)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 (BZ#2071103)

  • Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs) (BZ#2072242)

  • Remove upstream-only devices from the qemu-kvm binary (BZ#2077928)

  • When doing a cpu-baseline between skylake and cascadelake, cascadelake is selected as baseline. (BZ#2084030)

  • Virt-v2v can’t convert rhel8.6 guest from VMware on rhel8.6 (BZ#2093415)

Enhancement(s):

  • Allow memory prealloc from multiple threads (BZ#2075569)
OSVersionArchitecturePackageVersionFilename
RedHatanys390xnbdkit-gzip-filter< 1.24.0-4.module+el8.6.0+14480+c0a3aa0fnbdkit-gzip-filter-1.24.0-4.module+el8.6.0+14480+c0a3aa0f.s390x.rpm
RedHatanys390xlibvirt-daemon-driver-storage-logical-debuginfo< 8.0.0-5.2.module+el8.6.0+15256+3a0914felibvirt-daemon-driver-storage-logical-debuginfo-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.s390x.rpm
RedHatanyppc64leruby-libguestfs< 1.44.0-5.module+el8.6.0+14480+c0a3aa0fruby-libguestfs-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.ppc64le.rpm
RedHatanys390xswtpm-tools< 0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0fswtpm-tools-0.7.0-1.20211109gitb79fd91.module+el8.6.0+14480+c0a3aa0f.s390x.rpm
RedHatanys390xlibiscsi-debugsource< 1.18.0-8.module+el8.6.0+14480+c0a3aa0flibiscsi-debugsource-1.18.0-8.module+el8.6.0+14480+c0a3aa0f.s390x.rpm
RedHatanyaarch64libguestfs-devel< 1.44.0-5.module+el8.6.0+14480+c0a3aa0flibguestfs-devel-1.44.0-5.module+el8.6.0+14480+c0a3aa0f.aarch64.rpm
RedHatanyx86_64qemu-kvm-ui-opengl< 6.2.0-11.module+el8.6.0+15668+464a1f31.2qemu-kvm-ui-opengl-6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64.rpm
RedHatanyppc64leruby-hivex< 1.3.18-23.module+el8.6.0+14480+c0a3aa0fruby-hivex-1.3.18-23.module+el8.6.0+14480+c0a3aa0f.ppc64le.rpm
RedHatanys390xlibtpms-debugsource< 0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0flibtpms-debugsource-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f.s390x.rpm
RedHatanyi686libvirt-daemon-driver-storage-iscsi-direct-debuginfo< 8.0.0-5.2.module+el8.6.0+15256+3a0914felibvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.i686.rpm
Rows per page:
1-10 of 9151

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.005

Percentile

77.4%