Red Hat Security Advisory 2021-3061-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, denial of service, and out of bounds access vulnerabilities.
66e0a1ac543249bbe6d765192ae964d7bdf8592d935524bd9c4a35ee66ca180c
Ubuntu Security Notice 4467-3 - USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
0af9f05cea9149bfe3ca52b755be60ad5124e2d45b7d3706d47f59dfa1ef633c
Ubuntu Security Notice 4467-2 - USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
0868d01ddebed6397076e880f2702ccc2a97012fa237ddbde4531198d57bcbee
Gentoo Linux Security Advisory 202011-9 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 5.1.0-r1 are affected.
5d95ad52fc75012ed91b82e53b3043a7867fe90adef97e5fe61a56d75c7075b6
Ubuntu Security Notice 4467-1 - Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.
9aa3179b34eb601658a9a487805ca5302a3e7b10616c6b4f88ebda6983d3906c
Debian Linux Security Advisory 4728-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service.
dea50ea2adefea567a4b636347dcd73912d096e9869103369b2261024a9815ff