{"schema_version":"1.7.2","id":"OESA-2021-1072","modified":"2021-03-05T11:02:40Z","published":"2021-03-05T11:02:40Z","upstream":["CVE-2020-13754","CVE-2019-20808","CVE-2020-17380"],"summary":"qemu security update","details":"QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.\n\r\nSecurity Fix(es):\n\r\nhw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.(CVE-2020-13754)\n\nIn QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.(CVE-2019-20808)\n\nA heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.(CVE-2020-17380)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"qemu","purl":"pkg:rpm/openEuler/qemu\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.0-35.oe1"}]}],"ecosystem_specific":{"aarch64":["qemu-4.1.0-33.oe1.aarch64.rpm","qemu-debugsource-4.1.0-33.oe1.aarch64.rpm","qemu-debuginfo-4.1.0-33.oe1.aarch64.rpm","qemu-guest-agent-4.1.0-33.oe1.aarch64.rpm","qemu-img-4.1.0-33.oe1.aarch64.rpm","qemu-4.1.0-35.oe1.aarch64.rpm","qemu-debugsource-4.1.0-35.oe1.aarch64.rpm","qemu-debuginfo-4.1.0-35.oe1.aarch64.rpm","qemu-guest-agent-4.1.0-35.oe1.aarch64.rpm","qemu-img-4.1.0-35.oe1.aarch64.rpm"],"noarch":["qemu-help-4.1.0-33.oe1.noarch.rpm","qemu-help-4.1.0-35.oe1.noarch.rpm"],"src":["qemu-4.1.0-33.oe1.src.rpm","qemu-4.1.0-35.oe1.src.rpm"],"x86_64":["qemu-4.1.0-33.oe1.x86_64.rpm","qemu-debuginfo-4.1.0-33.oe1.x86_64.rpm","qemu-guest-agent-4.1.0-33.oe1.x86_64.rpm","qemu-debugsource-4.1.0-33.oe1.x86_64.rpm","qemu-img-4.1.0-33.oe1.x86_64.rpm","qemu-4.1.0-35.oe1.x86_64.rpm","qemu-debuginfo-4.1.0-35.oe1.x86_64.rpm","qemu-guest-agent-4.1.0-35.oe1.x86_64.rpm","qemu-debugsource-4.1.0-35.oe1.x86_64.rpm","qemu-img-4.1.0-35.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"qemu","purl":"pkg:rpm/openEuler/qemu\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.0-35.oe1"}]}],"ecosystem_specific":{"aarch64":["qemu-4.1.0-35.oe1.aarch64.rpm","qemu-debugsource-4.1.0-35.oe1.aarch64.rpm","qemu-debuginfo-4.1.0-35.oe1.aarch64.rpm","qemu-guest-agent-4.1.0-35.oe1.aarch64.rpm","qemu-img-4.1.0-35.oe1.aarch64.rpm"],"noarch":["qemu-help-4.1.0-35.oe1.noarch.rpm"],"src":["qemu-4.1.0-35.oe1.src.rpm"],"x86_64":["qemu-4.1.0-35.oe1.x86_64.rpm","qemu-debuginfo-4.1.0-35.oe1.x86_64.rpm","qemu-guest-agent-4.1.0-35.oe1.x86_64.rpm","qemu-debugsource-4.1.0-35.oe1.x86_64.rpm","qemu-img-4.1.0-35.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1072"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13754"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20808"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17380"}],"database_specific":{"severity":"Medium"}}