SUSE-SU-2021:14772-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-202114772-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14772-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:14772-1
Published
2021-08-03T13:12:31Z
Modified
2021-08-03T13:12:31Z
Summary
Security update for kvm
Details

This update for kvm fixes the following issues:

  • CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367)
  • CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364)
  • CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473)
  • CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612)
  • CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523)
  • CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field. (bsc#1181933)
  • CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683)
  • CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386)

Affected packages

SUSE:Linux Enterprise Server 11 SP4-LTSS / kvm

Package

Name
kvm
Purl
pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.2-60.37.1

Ecosystem specific

{
    "binaries": [
        {
            "kvm": "1.4.2-60.37.1"
        }
    ]
}