{"id":"SUSE-SU-2021:1942-1","summary":"Security update for qemu","details":"This update for qemu fixes the following issues:\n\n- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103)\n- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)\n- Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373)\n- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)\n- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)\n- For the record, these issues are fixed in this package already.\n  Most are alternate references to previously mentioned issues:\n  (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,\n  CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,\n  CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,\n  CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)\n","modified":"2026-02-04T02:14:19.470204Z","published":"2021-06-10T08:50:33Z","related":["CVE-2019-15890","CVE-2020-14364","CVE-2020-17380","CVE-2020-25085","CVE-2020-25707","CVE-2020-25723","CVE-2020-27821","CVE-2020-29129","CVE-2020-29130","CVE-2020-8608","CVE-2021-20263","CVE-2021-3409","CVE-2021-3416","CVE-2021-3419"],"upstream":["CVE-2019-15890","CVE-2020-14364","CVE-2020-17380","CVE-2020-25085","CVE-2020-25707","CVE-2020-25723","CVE-2020-27821","CVE-2020-29129","CVE-2020-29130","CVE-2020-8608","CVE-2021-20263","CVE-2021-3409","CVE-2021-3416","CVE-2021-3419"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20211942-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149813"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175144"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175534"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176681"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178683"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178935"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179477"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179484"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179686"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182282"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182425"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182968"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182975"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183373"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15890"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-17380"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25707"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27821"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-29129"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-29130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-8608"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20263"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3409"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3416"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3419"}],"affected":[{"package":{"name":"qemu","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP3","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.0-17.1"}]}],"ecosystem_specific":{"binaries":[{"qemu-tools":"5.2.0-17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1942-1.json"}},{"package":{"name":"qemu","ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP3","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.0-17.1"}]}],"ecosystem_specific":{"binaries":[{"qemu-sgabios":"8-17.1","qemu-hw-s390x-virtio-gpu-ccw":"5.2.0-17.1","qemu-hw-display-virtio-gpu-pci":"5.2.0-17.1","qemu-ksm":"5.2.0-17.1","qemu":"5.2.0-17.1","qemu-seabios":"1.14.0_0_g155821a-17.1","qemu-ipxe":"1.0.0+-17.1","qemu-vgabios":"1.14.0_0_g155821a-17.1","qemu-block-ssh":"5.2.0-17.1","qemu-skiboot":"5.2.0-17.1","qemu-hw-display-virtio-gpu":"5.2.0-17.1","qemu-ui-spice-core":"5.2.0-17.1","qemu-audio-pa":"5.2.0-17.1","qemu-x86":"5.2.0-17.1","qemu-chardev-baum":"5.2.0-17.1","qemu-lang":"5.2.0-17.1","qemu-block-curl":"5.2.0-17.1","qemu-kvm":"5.2.0-17.1","qemu-arm":"5.2.0-17.1","qemu-ui-curses":"5.2.0-17.1","qemu-chardev-spice":"5.2.0-17.1","qemu-audio-spice":"5.2.0-17.1","qemu-hw-display-qxl":"5.2.0-17.1","qemu-ui-opengl":"5.2.0-17.1","qemu-block-iscsi":"5.2.0-17.1","qemu-guest-agent":"5.2.0-17.1","qemu-ppc":"5.2.0-17.1","qemu-hw-usb-redirect":"5.2.0-17.1","qemu-hw-display-virtio-vga":"5.2.0-17.1","qemu-audio-alsa":"5.2.0-17.1","qemu-s390x":"5.2.0-17.1","qemu-block-rbd":"5.2.0-17.1","qemu-ui-spice-app":"5.2.0-17.1","qemu-ui-gtk":"5.2.0-17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1942-1.json"}}],"schema_version":"1.7.3"}