[ubuntu/hirsute-security] qemu 1:5.2+dfsg-9ubuntu3.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jul 15 17:27:19 UTC 2021

qemu (1:5.2+dfsg-9ubuntu3.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
    - debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
    - debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
    - debian/patches/CVE-2020-15469-3.patch: add quirk device write method
      in hw/vfio/pci-quirks.c.
    - debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
    - debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
      method in hw/nvram/nrf51_nvm.c.
    - debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
    - debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
      in hw/misc/tz-ppc.c.
    - debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
      in hw/misc/imx7_ccm.c.
    - CVE-2020-15469
  * SECURITY UPDATE: out of bounds read in ide_atapi_cmd_reply_end
    - debian/patches/CVE-2020-29443-2.patch: check logical block address
      and read size in hw/ide/atapi.c.
    - CVE-2020-29443
  * SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
    - debian/patches/CVE-2020-35504.patch: always check current_req is not
      NULL before use in DMA callbacks in hw/scsi/esp.c.
    - CVE-2020-35504
  * SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
    - debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
      current_dev is non-NULL in hw/scsi/esp.c.
    - CVE-2020-35505
  * SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
    - debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
      field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
    - CVE-2021-3392
  * SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
    - debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
      command time out in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
      register when transfer is in progress in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-3.patch: correctly set the controller
      status for ADMA in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-4.patch: limit block size only when
      SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
      s->fifo_buffer[] when a different block size is programmed in
    - CVE-2021-3409
  * SECURITY UPDATE: DoS in USB redirector device
    - debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
      in hw/usb/redirect.c.
    - debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
      in hw/usb/combined-packet.c.
    - CVE-2021-3527
  * SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
    - debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
    - debian/patches/CVE-2021-3544-2.patch: fix resource leak in
    - debian/patches/CVE-2021-3544-3.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-4.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-5.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-6.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-7.patch: fix OOB write in
    - debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
      in contrib/vhost-user-gpu/vhost-user-gpu.c,
      contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
    - CVE-2021-3544
    - CVE-2021-3545
    - CVE-2021-3546
  * SECURITY UPDATE: mremap overflow in the pvrdma device
    - debian/patches/CVE-2021-3582.patch: check lengths in
    - CVE-2021-3582
  * SECURITY UPDATE: integer overflow in pvrdma device
    - debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
      in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2021-3607
  * SECURITY UPDATE: uninitialized memory unmap in pvrdma device
    - debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
    - CVE-2021-3608

Date: 2021-07-13 11:11:29.159064+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Hirsute-changes mailing list