[Bug 1953338] Re: [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - qemu part

Mon, 28 Feb 2022 04:46:46 -0800 

This bug was fixed in the package qemu - 1:4.2-3ubuntu6.21

---------------
qemu (1:4.2-3ubuntu6.21) focal-security; urgency=medium

  * SECURITY UPDATE: crash or code exec in USB redirector device emulation
    - debian/patches/CVE-2021-3682.patch: fix free call in
      hw/usb/redirect.c.
    - CVE-2021-3682
  * SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
    - debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
      in hw/net/virtio-net.c.
    - CVE-2021-3748
  * SECURITY UPDATE: off-by-one error in mode_sense_page()
    - debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
      MODE SELECT commands in hw/scsi/scsi-disk.c.
    - CVE-2021-3930
  * SECURITY UPDATE: NULL dereference in floppy disk emulator
    - debian/patches/CVE-2021-20196-1.patch: Extract
      blk_create_empty_drive() in hw/block/fdc.c.
    - debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
      hw/block/fdc.c.
    - CVE-2021-20196
  * SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
    - debian/patches/CVE-2021-20203.patch: validate configuration values
      during activate in hw/net/vmxnet3.c.
    - CVE-2021-20203

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 22 Feb 2022
12:44:44 -0500

** Changed in: qemu (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20196

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20203

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3682

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3748

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3930

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1953338

Title:
  [UBUNTU 20.04] KVM hardware diagnose data improvements for guest
  kernel - qemu part

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1953338/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to