SUSE-SU-2021:14774-1
Source
https://www.suse.com/support/update/announcement/2021/suse-su-202114774-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14774-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:14774-1
Related
CVE-2020-11947
CVE-2020-15469
CVE-2020-15863
CVE-2020-25707
CVE-2021-20221
CVE-2021-3416
CVE-2021-3592
CVE-2021-3594
Published
2021-08-06T09:11:49Z
Modified
2021-08-06T09:11:49Z
Summary
Security update for kvm
Details
This update for kvm fixes the following issues:
CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp). (bsc#1187367)
CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364)
CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473)
CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612)
CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523)
CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field. (bsc#1181933)
CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683)
CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386)
References
https://www.suse.com/support/update/announcement/2021/suse-su-202114774-1/
https://bugzilla.suse.com/1031692
https://bugzilla.suse.com/1173612
https://bugzilla.suse.com/1174386
https://bugzilla.suse.com/1178683
https://bugzilla.suse.com/1180523
https://bugzilla.suse.com/1181933
https://bugzilla.suse.com/1186473
https://bugzilla.suse.com/1187364
https://bugzilla.suse.com/1187367
https://www.suse.com/security/cve/CVE-2020-11947
https://www.suse.com/security/cve/CVE-2020-15469
https://www.suse.com/security/cve/CVE-2020-15863
https://www.suse.com/security/cve/CVE-2020-25707
https://www.suse.com/security/cve/CVE-2021-20221
https://www.suse.com/security/cve/CVE-2021-3416
https://www.suse.com/security/cve/CVE-2021-3592
https://www.suse.com/security/cve/CVE-2021-3594
Affected packages
SUSE:Linux Enterprise Point of Sale 11 SP3 / kvm
Package
Name
kvm
Purl
pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.4.2-53.41.1
Ecosystem specific
{ "binaries": [ { "kvm": "1.4.2-53.41.1" } ] }