SUSE update for qemu
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3611 |
| CWE-ID | CWE-763 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE OpenStack Cloud Crowbar Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE OpenStack Cloud Operating systems & Components / Operating system qemu-vgabios Operating systems & Components / Operating system package or component qemu-seabios Operating systems & Components / Operating system package or component qemu-ipxe Operating systems & Components / Operating system package or component qemu-s390-debuginfo Operating systems & Components / Operating system package or component qemu-s390 Operating systems & Components / Operating system package or component qemu-arm-debuginfo Operating systems & Components / Operating system package or component qemu-arm Operating systems & Components / Operating system package or component qemu-ppc-debuginfo Operating systems & Components / Operating system package or component qemu-ppc Operating systems & Components / Operating system package or component qemu-sgabios Operating systems & Components / Operating system package or component qemu-x86 Operating systems & Components / Operating system package or component qemu-tools-debuginfo Operating systems & Components / Operating system package or component qemu-tools Operating systems & Components / Operating system package or component qemu-lang Operating systems & Components / Operating system package or component qemu-kvm Operating systems & Components / Operating system package or component qemu-guest-agent-debuginfo Operating systems & Components / Operating system package or component qemu-guest-agent Operating systems & Components / Operating system package or component qemu-debugsource Operating systems & Components / Operating system package or component qemu-block-ssh-debuginfo Operating systems & Components / Operating system package or component qemu-block-ssh Operating systems & Components / Operating system package or component qemu-block-rbd-debuginfo Operating systems & Components / Operating system package or component qemu-block-rbd Operating systems & Components / Operating system package or component qemu-block-iscsi-debuginfo Operating systems & Components / Operating system package or component qemu-block-iscsi Operating systems & Components / Operating system package or component qemu-block-curl-debuginfo Operating systems & Components / Operating system package or component qemu-block-curl Operating systems & Components / Operating system package or component qemu Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Release of invalid pointer or reference
EUVDB-ID: #VU54308
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3592
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to invalid pointer initialization within the bootp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host.
MitigationUpdate the affected package qemu to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS
SUSE OpenStack Cloud: 9
qemu-vgabios: before 1.11.0_0_g63451fc-5.35.1
qemu-seabios: before 1.11.0_0_g63451fc-5.35.1
qemu-ipxe: before 1.0.0+-5.35.1
qemu-s390-debuginfo: before 2.11.2-5.35.1
qemu-s390: before 2.11.2-5.35.1
qemu-arm-debuginfo: before 2.11.2-5.35.1
qemu-arm: before 2.11.2-5.35.1
qemu-ppc-debuginfo: before 2.11.2-5.35.1
qemu-ppc: before 2.11.2-5.35.1
qemu-sgabios: before 8-5.35.1
qemu-x86: before 2.11.2-5.35.1
qemu-tools-debuginfo: before 2.11.2-5.35.1
qemu-tools: before 2.11.2-5.35.1
qemu-lang: before 2.11.2-5.35.1
qemu-kvm: before 2.11.2-5.35.1
qemu-guest-agent-debuginfo: before 2.11.2-5.35.1
qemu-guest-agent: before 2.11.2-5.35.1
qemu-debugsource: before 2.11.2-5.35.1
qemu-block-ssh-debuginfo: before 2.11.2-5.35.1
qemu-block-ssh: before 2.11.2-5.35.1
qemu-block-rbd-debuginfo: before 2.11.2-5.35.1
qemu-block-rbd: before 2.11.2-5.35.1
qemu-block-iscsi-debuginfo: before 2.11.2-5.35.1
qemu-block-iscsi: before 2.11.2-5.35.1
qemu-block-curl-debuginfo: before 2.11.2-5.35.1
qemu-block-curl: before 2.11.2-5.35.1
qemu: before 2.11.2-5.35.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:qemu-vgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-seabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ipxe:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-sgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-x86:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-lang:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-kvm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20212546-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Release of invalid pointer or reference
EUVDB-ID: #VU54309
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3593
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The
vulnerability exists due to invalid pointer initialization within the udp6_input() function while processing UDP packets in the SLiRP
networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.
Update the affected package qemu to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS
SUSE OpenStack Cloud: 9
qemu-vgabios: before 1.11.0_0_g63451fc-5.35.1
qemu-seabios: before 1.11.0_0_g63451fc-5.35.1
qemu-ipxe: before 1.0.0+-5.35.1
qemu-s390-debuginfo: before 2.11.2-5.35.1
qemu-s390: before 2.11.2-5.35.1
qemu-arm-debuginfo: before 2.11.2-5.35.1
qemu-arm: before 2.11.2-5.35.1
qemu-ppc-debuginfo: before 2.11.2-5.35.1
qemu-ppc: before 2.11.2-5.35.1
qemu-sgabios: before 8-5.35.1
qemu-x86: before 2.11.2-5.35.1
qemu-tools-debuginfo: before 2.11.2-5.35.1
qemu-tools: before 2.11.2-5.35.1
qemu-lang: before 2.11.2-5.35.1
qemu-kvm: before 2.11.2-5.35.1
qemu-guest-agent-debuginfo: before 2.11.2-5.35.1
qemu-guest-agent: before 2.11.2-5.35.1
qemu-debugsource: before 2.11.2-5.35.1
qemu-block-ssh-debuginfo: before 2.11.2-5.35.1
qemu-block-ssh: before 2.11.2-5.35.1
qemu-block-rbd-debuginfo: before 2.11.2-5.35.1
qemu-block-rbd: before 2.11.2-5.35.1
qemu-block-iscsi-debuginfo: before 2.11.2-5.35.1
qemu-block-iscsi: before 2.11.2-5.35.1
qemu-block-curl-debuginfo: before 2.11.2-5.35.1
qemu-block-curl: before 2.11.2-5.35.1
qemu: before 2.11.2-5.35.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:qemu-vgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-seabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ipxe:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-sgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-x86:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-lang:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-kvm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20212546-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Release of invalid pointer or reference
EUVDB-ID: #VU54310
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3594
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to invalid pointer initialization within the udp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory. MitigationUpdate the affected package qemu to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS
SUSE OpenStack Cloud: 9
qemu-vgabios: before 1.11.0_0_g63451fc-5.35.1
qemu-seabios: before 1.11.0_0_g63451fc-5.35.1
qemu-ipxe: before 1.0.0+-5.35.1
qemu-s390-debuginfo: before 2.11.2-5.35.1
qemu-s390: before 2.11.2-5.35.1
qemu-arm-debuginfo: before 2.11.2-5.35.1
qemu-arm: before 2.11.2-5.35.1
qemu-ppc-debuginfo: before 2.11.2-5.35.1
qemu-ppc: before 2.11.2-5.35.1
qemu-sgabios: before 8-5.35.1
qemu-x86: before 2.11.2-5.35.1
qemu-tools-debuginfo: before 2.11.2-5.35.1
qemu-tools: before 2.11.2-5.35.1
qemu-lang: before 2.11.2-5.35.1
qemu-kvm: before 2.11.2-5.35.1
qemu-guest-agent-debuginfo: before 2.11.2-5.35.1
qemu-guest-agent: before 2.11.2-5.35.1
qemu-debugsource: before 2.11.2-5.35.1
qemu-block-ssh-debuginfo: before 2.11.2-5.35.1
qemu-block-ssh: before 2.11.2-5.35.1
qemu-block-rbd-debuginfo: before 2.11.2-5.35.1
qemu-block-rbd: before 2.11.2-5.35.1
qemu-block-iscsi-debuginfo: before 2.11.2-5.35.1
qemu-block-iscsi: before 2.11.2-5.35.1
qemu-block-curl-debuginfo: before 2.11.2-5.35.1
qemu-block-curl: before 2.11.2-5.35.1
qemu: before 2.11.2-5.35.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:qemu-vgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-seabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ipxe:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-sgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-x86:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-lang:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-kvm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20212546-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Release of invalid pointer or reference
EUVDB-ID: #VU54311
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3595
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to invalid pointer initialization within the tftp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory. MitigationUpdate the affected package qemu to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS
SUSE OpenStack Cloud: 9
qemu-vgabios: before 1.11.0_0_g63451fc-5.35.1
qemu-seabios: before 1.11.0_0_g63451fc-5.35.1
qemu-ipxe: before 1.0.0+-5.35.1
qemu-s390-debuginfo: before 2.11.2-5.35.1
qemu-s390: before 2.11.2-5.35.1
qemu-arm-debuginfo: before 2.11.2-5.35.1
qemu-arm: before 2.11.2-5.35.1
qemu-ppc-debuginfo: before 2.11.2-5.35.1
qemu-ppc: before 2.11.2-5.35.1
qemu-sgabios: before 8-5.35.1
qemu-x86: before 2.11.2-5.35.1
qemu-tools-debuginfo: before 2.11.2-5.35.1
qemu-tools: before 2.11.2-5.35.1
qemu-lang: before 2.11.2-5.35.1
qemu-kvm: before 2.11.2-5.35.1
qemu-guest-agent-debuginfo: before 2.11.2-5.35.1
qemu-guest-agent: before 2.11.2-5.35.1
qemu-debugsource: before 2.11.2-5.35.1
qemu-block-ssh-debuginfo: before 2.11.2-5.35.1
qemu-block-ssh: before 2.11.2-5.35.1
qemu-block-rbd-debuginfo: before 2.11.2-5.35.1
qemu-block-rbd: before 2.11.2-5.35.1
qemu-block-iscsi-debuginfo: before 2.11.2-5.35.1
qemu-block-iscsi: before 2.11.2-5.35.1
qemu-block-curl-debuginfo: before 2.11.2-5.35.1
qemu-block-curl: before 2.11.2-5.35.1
qemu: before 2.11.2-5.35.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:qemu-vgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-seabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ipxe:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-sgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-x86:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-lang:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-kvm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20212546-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU69352
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3611
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Intel HD Audio device (intel-hda) of QEMU. A remote user of the guest OS trigger an out-of-bounds write and crash the QEMU process on the host.
MitigationUpdate the affected package qemu to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS
SUSE OpenStack Cloud: 9
qemu-vgabios: before 1.11.0_0_g63451fc-5.35.1
qemu-seabios: before 1.11.0_0_g63451fc-5.35.1
qemu-ipxe: before 1.0.0+-5.35.1
qemu-s390-debuginfo: before 2.11.2-5.35.1
qemu-s390: before 2.11.2-5.35.1
qemu-arm-debuginfo: before 2.11.2-5.35.1
qemu-arm: before 2.11.2-5.35.1
qemu-ppc-debuginfo: before 2.11.2-5.35.1
qemu-ppc: before 2.11.2-5.35.1
qemu-sgabios: before 8-5.35.1
qemu-x86: before 2.11.2-5.35.1
qemu-tools-debuginfo: before 2.11.2-5.35.1
qemu-tools: before 2.11.2-5.35.1
qemu-lang: before 2.11.2-5.35.1
qemu-kvm: before 2.11.2-5.35.1
qemu-guest-agent-debuginfo: before 2.11.2-5.35.1
qemu-guest-agent: before 2.11.2-5.35.1
qemu-debugsource: before 2.11.2-5.35.1
qemu-block-ssh-debuginfo: before 2.11.2-5.35.1
qemu-block-ssh: before 2.11.2-5.35.1
qemu-block-rbd-debuginfo: before 2.11.2-5.35.1
qemu-block-rbd: before 2.11.2-5.35.1
qemu-block-iscsi-debuginfo: before 2.11.2-5.35.1
qemu-block-iscsi: before 2.11.2-5.35.1
qemu-block-curl-debuginfo: before 2.11.2-5.35.1
qemu-block-curl: before 2.11.2-5.35.1
qemu: before 2.11.2-5.35.1
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:qemu-vgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-seabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ipxe:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-s390:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-arm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-ppc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-sgabios:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-x86:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-lang:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-kvm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-guest-agent:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-ssh:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-rbd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-iscsi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu-block-curl:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:qemu:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2021/suse-su-20212546-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
