Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.5883 qemu-kvm security, bug fix, and enhancement update 16 November 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu-kvm Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2021-4158 CVE-2021-3750 CVE-2021-3611 CVE-2021-3507 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:7967 Comment: CVSS (Max): 7.5 CVE-2021-3750 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm security, bug fix, and enhancement update Advisory ID: RHSA-2022:7967-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7967 Issue date: 2022-11-15 CVE Names: CVE-2021-3507 CVE-2021-3611 CVE-2021-3750 CVE-2021-4158 ===================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757) Security Fix(es): * QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750) * QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507) * QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611) * QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1477099 - virtio-iommu (including ACPI, VHOST/VFIO integration, migration support) 1708300 - RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN 1879437 - Qemu coredump when refreshing block limits on an actively used iothread block device [rhel.9] 1904267 - Q35: Support SMBIOS 3.0 Entry Point Type 1951118 - CVE-2021-3507 QEMU: fdc: heap buffer overflow in DMA read data transfers 1968509 - Use MSG_ZEROCOPY on QEMU Live Migration 1973784 - CVE-2021-3611 QEMU: intel-hda: segmentation fault due to stack overflow 1982600 - qemu-kvm -help reports -spice despite not being compiled 1995710 - RFE: Allow virtio-scsi CD-ROM media change with IOThreads 1999073 - CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free 2020993 - 'qemu-img convert' to Qcow2 Images over RBD Failed 2023977 - Duplicate SMBIOS handles when creating large VMs 2026955 - RFE: set default resolution/EDID info to a more sensible modern size like 1280x800 (WXGA) 2035002 - CVE-2021-4158 QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c 2037612 - [Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region 2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken' 2044162 - [RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU 2046029 - [WRB] New machine type property - dtb-kaslr-seed 2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9 2062809 - Guest can not start with SLIC acpi table [rhel-9.1.0] 2062813 - Mark all RHEL-8 and earlier machine types as deprecated [rhel-9.1.0] 2062817 - Missing qemu-kvm-block-ssh obsolete breaks upgrade path [rhel-9.1.0] 2062819 - Broken upgrade path due to qemu-kvm-hw-usbredir rename [rhel-9.1.0] 2062828 - [virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device [rhel-9.1.0] 2064500 - Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1 2064530 - Rebuild qemu-kvm with clang-14 2064757 - Rebase to QEMU 7.0.0 2064771 - Update machine type compatibility for QEMU 7.0.0 update [x86_64] 2064782 - Update machine type compatibility for QEMU 7.0.0 update [s390x] 2065398 - watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843] [rhel-9.1.0] 2066824 - Aarch64: Drop unsupported CPU types 2070804 - PXE boot crash qemu when using multiqueue vDPA 2072379 - Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs) 2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption 2079938 - qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory 2081022 - Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes 2086262 - [Win11][tpm]vfio_listener_region_del received unaligned region 2094252 - Compile the virtio-iommu device on x86_64 2094270 - Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore 2095608 - Please correct the error message when try to start qemu with "-M kernel-irqchip=split" 2096143 - The migration port is not released if use it again for recovering postcopy migration 2099541 - qemu coredump with error Assertion `qemu_mutex_iothread_locked()' failed when repeatly hotplug/unplug disks in pause status 2099934 - Guest reboot on destination host after postcopy migration completed 2100106 - Fix virtio-iommu/vfio bypass 2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together 2111994 - RHEL9: skey test in kvm_unit_test got failed 2112303 - virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions 2114060 - vDPA state restore support through control virtqueue in Qemu 2116876 - Fixes for vDPA control virtqueue support in Qemu 2120275 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1] 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: qemu-kvm-7.0.0-13.el9.src.rpm aarch64: qemu-guest-agent-7.0.0-13.el9.aarch64.rpm qemu-guest-agent-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-img-7.0.0-13.el9.aarch64.rpm qemu-img-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-7.0.0-13.el9.aarch64.rpm qemu-kvm-audio-pa-7.0.0-13.el9.aarch64.rpm qemu-kvm-audio-pa-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-block-curl-7.0.0-13.el9.aarch64.rpm qemu-kvm-block-curl-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-block-rbd-7.0.0-13.el9.aarch64.rpm qemu-kvm-block-rbd-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-common-7.0.0-13.el9.aarch64.rpm qemu-kvm-common-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-core-7.0.0-13.el9.aarch64.rpm qemu-kvm-core-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-debugsource-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-gl-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-pci-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-pci-gl-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-display-virtio-gpu-pci-gl-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-usb-host-7.0.0-13.el9.aarch64.rpm qemu-kvm-device-usb-host-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-docs-7.0.0-13.el9.aarch64.rpm qemu-kvm-tests-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-kvm-tools-7.0.0-13.el9.aarch64.rpm qemu-kvm-tools-debuginfo-7.0.0-13.el9.aarch64.rpm qemu-pr-helper-7.0.0-13.el9.aarch64.rpm qemu-pr-helper-debuginfo-7.0.0-13.el9.aarch64.rpm ppc64le: qemu-guest-agent-7.0.0-13.el9.ppc64le.rpm qemu-guest-agent-debuginfo-7.0.0-13.el9.ppc64le.rpm qemu-img-7.0.0-13.el9.ppc64le.rpm qemu-img-debuginfo-7.0.0-13.el9.ppc64le.rpm qemu-kvm-debuginfo-7.0.0-13.el9.ppc64le.rpm qemu-kvm-debugsource-7.0.0-13.el9.ppc64le.rpm s390x: qemu-guest-agent-7.0.0-13.el9.s390x.rpm qemu-guest-agent-debuginfo-7.0.0-13.el9.s390x.rpm qemu-img-7.0.0-13.el9.s390x.rpm qemu-img-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-7.0.0-13.el9.s390x.rpm qemu-kvm-audio-pa-7.0.0-13.el9.s390x.rpm qemu-kvm-audio-pa-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-block-curl-7.0.0-13.el9.s390x.rpm qemu-kvm-block-curl-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-block-rbd-7.0.0-13.el9.s390x.rpm qemu-kvm-block-rbd-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-common-7.0.0-13.el9.s390x.rpm qemu-kvm-common-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-core-7.0.0-13.el9.s390x.rpm qemu-kvm-core-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-debugsource-7.0.0-13.el9.s390x.rpm qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.s390x.rpm qemu-kvm-device-display-virtio-gpu-ccw-7.0.0-13.el9.s390x.rpm qemu-kvm-device-display-virtio-gpu-ccw-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.s390x.rpm qemu-kvm-device-display-virtio-gpu-gl-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-device-usb-host-7.0.0-13.el9.s390x.rpm qemu-kvm-device-usb-host-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-docs-7.0.0-13.el9.s390x.rpm qemu-kvm-tests-debuginfo-7.0.0-13.el9.s390x.rpm qemu-kvm-tools-7.0.0-13.el9.s390x.rpm qemu-kvm-tools-debuginfo-7.0.0-13.el9.s390x.rpm qemu-pr-helper-7.0.0-13.el9.s390x.rpm qemu-pr-helper-debuginfo-7.0.0-13.el9.s390x.rpm x86_64: qemu-guest-agent-7.0.0-13.el9.x86_64.rpm qemu-guest-agent-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-img-7.0.0-13.el9.x86_64.rpm qemu-img-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-7.0.0-13.el9.x86_64.rpm qemu-kvm-audio-pa-7.0.0-13.el9.x86_64.rpm qemu-kvm-audio-pa-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-block-curl-7.0.0-13.el9.x86_64.rpm qemu-kvm-block-curl-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-block-rbd-7.0.0-13.el9.x86_64.rpm qemu-kvm-block-rbd-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-common-7.0.0-13.el9.x86_64.rpm qemu-kvm-common-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-core-7.0.0-13.el9.x86_64.rpm qemu-kvm-core-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-debugsource-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-gl-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-pci-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-pci-gl-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-gpu-pci-gl-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-vga-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-vga-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-vga-gl-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-display-virtio-vga-gl-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-usb-host-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-usb-host-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-usb-redirect-7.0.0-13.el9.x86_64.rpm qemu-kvm-device-usb-redirect-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-docs-7.0.0-13.el9.x86_64.rpm qemu-kvm-tests-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-tools-7.0.0-13.el9.x86_64.rpm qemu-kvm-tools-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-ui-egl-headless-7.0.0-13.el9.x86_64.rpm qemu-kvm-ui-egl-headless-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-kvm-ui-opengl-7.0.0-13.el9.x86_64.rpm qemu-kvm-ui-opengl-debuginfo-7.0.0-13.el9.x86_64.rpm qemu-pr-helper-7.0.0-13.el9.x86_64.rpm qemu-pr-helper-debuginfo-7.0.0-13.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3507 https://access.redhat.com/security/cve/CVE-2021-3611 https://access.redhat.com/security/cve/CVE-2021-3750 https://access.redhat.com/security/cve/CVE-2021-4158 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3OMhtzjgjWX9erEAQiSNw/+PECa4knr835Ovk54z9SclIiHdzc6yQk6 XOF3+t2hJtomewv83jwJP4mXI3IASX+FlEiZSA3R9iBz6rw/4m3VlwDHQO3Udfdy 6x5drqg1DQXo1WwyNvUuPncW8c9G/b7gEG85WnT2dRFUn+qN3RYgJzxhPgviyOTh 1PBw4RVHTOHOR9y8FMFMfVO5doWtlh1GfiaOVGRfTNMNWe76ldd5AFOa3Fez1MRl odAzuXVVXpnXx0zgYgxvu2mxCTSs0FkBZ/6Se1YHAx0YOKd311SU+EGDs5Xsl6vf 2TSrzN9JchmiS111fVWyATdMcKqUvwInAZNgm0NpTQZof+yeY7fxSXvlkZzUXrq7 8tCjTx4KR9FIj76gm1j2lL1OC8td083RFtiG9G69QJOgeIM2m1psPmRNwGo+/iS6 bK2W5cX5zuJvUJ0DvREY1L3CThxRYBfzBRwTDEHVNPbvXIrgU2h/yb7bwt1DaG2X 5poyHsbsHjW/oD1Shi4AP5PW3yJw6Mu+RhxOXFZC88bRw6wV6VhMuxuU1/DJ2W10 42kMgZHEQCMFKVK4E5rzog2iWHYToccPC0T4OYwFJA/DqY8E4HoWslraLAifPOxC wvjd50nu3/DjmF+5NHplVh9z65BQk/cEpnrTdjD0he3W0YynhfC1sD/+aLxChQ/D B1Vp/1EISs0= =LjZY - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY3Q0MskNZI30y1K9AQgmtw//aT8YJMfEdBMgtheLpOSvZpwithEY6Qno CAZmm0tQ/6d1jqFd1vQPr1HltmQyZgYZRemRlCLMQ5S5DyfkM+bfCe/rEzVuNufo SoS9G2TUSAHrCAM+UUuECHDqeganadYcG6atukTb/Qh8sAu+YCc0jnsHc4xcBI8w 2Tiun9Q6imvkvy8Y18Y/yweRjvT8AKXcFU+ff+kpNFqzmDbxdQoUCxDXc6QPbMs7 jFb+0YJxkWXSFNW7y0ebCnPSRtChVmGnTLCJcrpXJSeqSv5Lzlm4T+4Ga0FKG8Xl LmzEoaP9UNY72kH1arAisTuOt6mvKP5oRJEnHNeZ/BdttODPqcPHxCtbkASGyJ2q wvHY/rZSiM9farYabJkjlK74fsnlMXUO1J89prsdB8ksTCHV66ES6Es4sYtS+bL7 OsFm1bzohvA/QJfFSCd+ZZLExa089fbppcqDqPMbaU6c95zKfwvy9JA2HIY3ZHBY 1h+GyrYp3phQ8QTfI195ArBI1Rv3L3zAe8Q2fr/gnOsV77FgmhjxI2C7fcK0m565 mWXpwuY3zuIGIHaBSvoQs8Ud/xGbM49R6tu+x7JvNobeuY426sJdIg2ItVmQtfCk pP3wd5+S2eLvPEuoIX+j6NkakukFQk18laefaUiZSb7Cj9g8vnW4G+Z95DFZiKU/ HneuLX1w8Z4= =KEfX -----END PGP SIGNATURE-----