SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1438

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1438

Security update for qemu

Type: security

Severity: important

Issued: 2024-04-25

Description:

This update for qemu fixes the following issues:

- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)         
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)   
- CVE-2024-3446: Fixed DMA reentrancy issue leads to double free vulnerability (bsc#1222843)
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)

References

CVE: CVE-2024-3447
CVE: CVE-2024-3446
CVE: CVE-2023-6683
CVE: CVE-2023-3019
Bugzilla: 1222845 VUL-0: CVE-2024-3447: qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
Bugzilla: 1222843 VUL-0: CVE-2024-3446: qemu: virtio: DMA reentrancy issue leads to double free vulnerability
Bugzilla: 1218889 VUL-0: CVE-2023-6683: qemu: VNC: NULL pointer dereference in qemu_clipboard_request()
Bugzilla: 1213269 VUL-0: CVE-2023-3019: qemu,kvm: e1000e: heap use-after-free in e1000e_write_packet_to_guest()

Packages

qemu-7.1.0-150500.49.15.1