qemu-7.0.0-53.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12209 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z qemu-7.0.0-53.1 on GA media These are all security issues fixed in the qemu-7.0.0-53.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12209 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12209 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-4206/ SUSE CVE CVE-2021-4206 page https://www.suse.com/security/cve/CVE-2021-4207/ SUSE CVE CVE-2021-4207 page https://www.suse.com/security/cve/CVE-2022-0216/ SUSE CVE CVE-2022-0216 page https://www.suse.com/security/cve/CVE-2022-26353/ SUSE CVE CVE-2022-26353 page https://www.suse.com/security/cve/CVE-2022-26354/ SUSE CVE CVE-2022-26354 page https://www.suse.com/security/cve/CVE-2022-35414/ SUSE CVE CVE-2022-35414 page openSUSE Tumbleweed qemu-7.0.0-53.1 qemu-SLOF-7.0.0-53.1 qemu-accel-qtest-7.0.0-53.1 qemu-accel-tcg-x86-7.0.0-53.1 qemu-arm-7.0.0-53.1 qemu-audio-alsa-7.0.0-53.1 qemu-audio-dbus-7.0.0-53.1 qemu-audio-jack-7.0.0-53.1 qemu-audio-oss-7.0.0-53.1 qemu-audio-pa-7.0.0-53.1 qemu-audio-spice-7.0.0-53.1 qemu-block-curl-7.0.0-53.1 qemu-block-dmg-7.0.0-53.1 qemu-block-gluster-7.0.0-53.1 qemu-block-iscsi-7.0.0-53.1 qemu-block-nfs-7.0.0-53.1 qemu-block-rbd-7.0.0-53.1 qemu-block-ssh-7.0.0-53.1 qemu-chardev-baum-7.0.0-53.1 qemu-chardev-spice-7.0.0-53.1 qemu-extra-7.0.0-53.1 qemu-guest-agent-7.0.0-53.1 qemu-hw-display-qxl-7.0.0-53.1 qemu-hw-display-virtio-gpu-7.0.0-53.1 qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 qemu-hw-display-virtio-vga-7.0.0-53.1 qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 qemu-hw-usb-host-7.0.0-53.1 qemu-hw-usb-redirect-7.0.0-53.1 qemu-hw-usb-smartcard-7.0.0-53.1 qemu-ipxe-1.0.0+-53.1 qemu-ivshmem-tools-7.0.0-53.1 qemu-ksm-7.0.0-53.1 qemu-kvm-7.0.0-53.1 qemu-lang-7.0.0-53.1 qemu-microvm-7.0.0-53.1 qemu-ppc-7.0.0-53.1 qemu-s390x-7.0.0-53.1 qemu-seabios-1.16.0_0_gd239552-53.1 qemu-sgabios-8-53.1 qemu-skiboot-7.0.0-53.1 qemu-tools-7.0.0-53.1 qemu-ui-curses-7.0.0-53.1 qemu-ui-dbus-7.0.0-53.1 qemu-ui-gtk-7.0.0-53.1 qemu-ui-opengl-7.0.0-53.1 qemu-ui-spice-app-7.0.0-53.1 qemu-ui-spice-core-7.0.0-53.1 qemu-vgabios-1.16.0_0_gd239552-53.1 qemu-vhost-user-gpu-7.0.0-53.1 qemu-x86-7.0.0-53.1 qemu-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-SLOF-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-accel-qtest-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-accel-tcg-x86-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-arm-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-audio-alsa-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-audio-dbus-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-audio-jack-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-audio-oss-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-audio-pa-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-audio-spice-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-curl-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-dmg-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-gluster-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-iscsi-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-nfs-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-rbd-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-block-ssh-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-chardev-baum-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-chardev-spice-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-extra-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-guest-agent-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-display-qxl-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-display-virtio-gpu-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-display-virtio-vga-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-usb-host-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-usb-redirect-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-hw-usb-smartcard-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ipxe-1.0.0+-53.1 as a component of openSUSE Tumbleweed qemu-ivshmem-tools-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ksm-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-kvm-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-lang-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-microvm-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ppc-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-s390x-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-seabios-1.16.0_0_gd239552-53.1 as a component of openSUSE Tumbleweed qemu-sgabios-8-53.1 as a component of openSUSE Tumbleweed qemu-skiboot-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-tools-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ui-curses-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ui-dbus-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ui-gtk-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ui-opengl-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ui-spice-app-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-ui-spice-core-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-vgabios-1.16.0_0_gd239552-53.1 as a component of openSUSE Tumbleweed qemu-vhost-user-gpu-7.0.0-53.1 as a component of openSUSE Tumbleweed qemu-x86-7.0.0-53.1 as a component of openSUSE Tumbleweed A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. CVE-2021-4206 openSUSE Tumbleweed:qemu-7.0.0-53.1 openSUSE Tumbleweed:qemu-SLOF-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-qtest-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-tcg-x86-7.0.0-53.1 openSUSE Tumbleweed:qemu-arm-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-alsa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-jack-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-oss-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-pa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-curl-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-dmg-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-gluster-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-iscsi-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-nfs-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-rbd-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-ssh-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-baum-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-extra-7.0.0-53.1 openSUSE Tumbleweed:qemu-guest-agent-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-qxl-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-vga-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-host-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-redirect-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-smartcard-7.0.0-53.1 openSUSE Tumbleweed:qemu-ipxe-1.0.0+-53.1 openSUSE Tumbleweed:qemu-ivshmem-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ksm-7.0.0-53.1 openSUSE Tumbleweed:qemu-kvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-lang-7.0.0-53.1 openSUSE Tumbleweed:qemu-microvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-ppc-7.0.0-53.1 openSUSE Tumbleweed:qemu-s390x-7.0.0-53.1 openSUSE Tumbleweed:qemu-seabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-sgabios-8-53.1 openSUSE Tumbleweed:qemu-skiboot-7.0.0-53.1 openSUSE Tumbleweed:qemu-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-curses-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-gtk-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-opengl-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-app-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-core-7.0.0-53.1 openSUSE Tumbleweed:qemu-vgabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-vhost-user-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-x86-7.0.0-53.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-4206.html CVE-2021-4206 https://bugzilla.suse.com/1198035 SUSE Bug 1198035 https://bugzilla.suse.com/1211582 SUSE Bug 1211582 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. CVE-2021-4207 openSUSE Tumbleweed:qemu-7.0.0-53.1 openSUSE Tumbleweed:qemu-SLOF-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-qtest-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-tcg-x86-7.0.0-53.1 openSUSE Tumbleweed:qemu-arm-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-alsa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-jack-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-oss-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-pa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-curl-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-dmg-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-gluster-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-iscsi-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-nfs-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-rbd-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-ssh-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-baum-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-extra-7.0.0-53.1 openSUSE Tumbleweed:qemu-guest-agent-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-qxl-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-vga-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-host-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-redirect-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-smartcard-7.0.0-53.1 openSUSE Tumbleweed:qemu-ipxe-1.0.0+-53.1 openSUSE Tumbleweed:qemu-ivshmem-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ksm-7.0.0-53.1 openSUSE Tumbleweed:qemu-kvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-lang-7.0.0-53.1 openSUSE Tumbleweed:qemu-microvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-ppc-7.0.0-53.1 openSUSE Tumbleweed:qemu-s390x-7.0.0-53.1 openSUSE Tumbleweed:qemu-seabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-sgabios-8-53.1 openSUSE Tumbleweed:qemu-skiboot-7.0.0-53.1 openSUSE Tumbleweed:qemu-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-curses-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-gtk-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-opengl-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-app-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-core-7.0.0-53.1 openSUSE Tumbleweed:qemu-vgabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-vhost-user-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-x86-7.0.0-53.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-4207.html CVE-2021-4207 https://bugzilla.suse.com/1198037 SUSE Bug 1198037 A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. CVE-2022-0216 openSUSE Tumbleweed:qemu-7.0.0-53.1 openSUSE Tumbleweed:qemu-SLOF-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-qtest-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-tcg-x86-7.0.0-53.1 openSUSE Tumbleweed:qemu-arm-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-alsa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-jack-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-oss-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-pa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-curl-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-dmg-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-gluster-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-iscsi-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-nfs-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-rbd-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-ssh-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-baum-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-extra-7.0.0-53.1 openSUSE Tumbleweed:qemu-guest-agent-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-qxl-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-vga-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-host-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-redirect-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-smartcard-7.0.0-53.1 openSUSE Tumbleweed:qemu-ipxe-1.0.0+-53.1 openSUSE Tumbleweed:qemu-ivshmem-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ksm-7.0.0-53.1 openSUSE Tumbleweed:qemu-kvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-lang-7.0.0-53.1 openSUSE Tumbleweed:qemu-microvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-ppc-7.0.0-53.1 openSUSE Tumbleweed:qemu-s390x-7.0.0-53.1 openSUSE Tumbleweed:qemu-seabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-sgabios-8-53.1 openSUSE Tumbleweed:qemu-skiboot-7.0.0-53.1 openSUSE Tumbleweed:qemu-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-curses-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-gtk-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-opengl-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-app-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-core-7.0.0-53.1 openSUSE Tumbleweed:qemu-vgabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-vhost-user-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-x86-7.0.0-53.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0216.html CVE-2022-0216 https://bugzilla.suse.com/1198038 SUSE Bug 1198038 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. CVE-2022-26353 openSUSE Tumbleweed:qemu-7.0.0-53.1 openSUSE Tumbleweed:qemu-SLOF-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-qtest-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-tcg-x86-7.0.0-53.1 openSUSE Tumbleweed:qemu-arm-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-alsa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-jack-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-oss-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-pa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-curl-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-dmg-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-gluster-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-iscsi-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-nfs-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-rbd-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-ssh-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-baum-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-extra-7.0.0-53.1 openSUSE Tumbleweed:qemu-guest-agent-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-qxl-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-vga-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-host-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-redirect-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-smartcard-7.0.0-53.1 openSUSE Tumbleweed:qemu-ipxe-1.0.0+-53.1 openSUSE Tumbleweed:qemu-ivshmem-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ksm-7.0.0-53.1 openSUSE Tumbleweed:qemu-kvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-lang-7.0.0-53.1 openSUSE Tumbleweed:qemu-microvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-ppc-7.0.0-53.1 openSUSE Tumbleweed:qemu-s390x-7.0.0-53.1 openSUSE Tumbleweed:qemu-seabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-sgabios-8-53.1 openSUSE Tumbleweed:qemu-skiboot-7.0.0-53.1 openSUSE Tumbleweed:qemu-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-curses-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-gtk-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-opengl-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-app-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-core-7.0.0-53.1 openSUSE Tumbleweed:qemu-vgabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-vhost-user-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-x86-7.0.0-53.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-26353.html CVE-2022-26353 https://bugzilla.suse.com/1198711 SUSE Bug 1198711 A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. CVE-2022-26354 openSUSE Tumbleweed:qemu-7.0.0-53.1 openSUSE Tumbleweed:qemu-SLOF-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-qtest-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-tcg-x86-7.0.0-53.1 openSUSE Tumbleweed:qemu-arm-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-alsa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-jack-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-oss-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-pa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-curl-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-dmg-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-gluster-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-iscsi-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-nfs-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-rbd-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-ssh-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-baum-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-extra-7.0.0-53.1 openSUSE Tumbleweed:qemu-guest-agent-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-qxl-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-vga-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-host-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-redirect-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-smartcard-7.0.0-53.1 openSUSE Tumbleweed:qemu-ipxe-1.0.0+-53.1 openSUSE Tumbleweed:qemu-ivshmem-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ksm-7.0.0-53.1 openSUSE Tumbleweed:qemu-kvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-lang-7.0.0-53.1 openSUSE Tumbleweed:qemu-microvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-ppc-7.0.0-53.1 openSUSE Tumbleweed:qemu-s390x-7.0.0-53.1 openSUSE Tumbleweed:qemu-seabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-sgabios-8-53.1 openSUSE Tumbleweed:qemu-skiboot-7.0.0-53.1 openSUSE Tumbleweed:qemu-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-curses-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-gtk-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-opengl-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-app-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-core-7.0.0-53.1 openSUSE Tumbleweed:qemu-vgabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-vhost-user-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-x86-7.0.0-53.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-26354.html CVE-2022-26354 https://bugzilla.suse.com/1198712 SUSE Bug 1198712 ** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time." CVE-2022-35414 openSUSE Tumbleweed:qemu-7.0.0-53.1 openSUSE Tumbleweed:qemu-SLOF-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-qtest-7.0.0-53.1 openSUSE Tumbleweed:qemu-accel-tcg-x86-7.0.0-53.1 openSUSE Tumbleweed:qemu-arm-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-alsa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-jack-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-oss-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-pa-7.0.0-53.1 openSUSE Tumbleweed:qemu-audio-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-curl-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-dmg-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-gluster-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-iscsi-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-nfs-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-rbd-7.0.0-53.1 openSUSE Tumbleweed:qemu-block-ssh-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-baum-7.0.0-53.1 openSUSE Tumbleweed:qemu-chardev-spice-7.0.0-53.1 openSUSE Tumbleweed:qemu-extra-7.0.0-53.1 openSUSE Tumbleweed:qemu-guest-agent-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-qxl-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-gpu-pci-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-display-virtio-vga-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-s390x-virtio-gpu-ccw-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-host-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-redirect-7.0.0-53.1 openSUSE Tumbleweed:qemu-hw-usb-smartcard-7.0.0-53.1 openSUSE Tumbleweed:qemu-ipxe-1.0.0+-53.1 openSUSE Tumbleweed:qemu-ivshmem-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ksm-7.0.0-53.1 openSUSE Tumbleweed:qemu-kvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-lang-7.0.0-53.1 openSUSE Tumbleweed:qemu-microvm-7.0.0-53.1 openSUSE Tumbleweed:qemu-ppc-7.0.0-53.1 openSUSE Tumbleweed:qemu-s390x-7.0.0-53.1 openSUSE Tumbleweed:qemu-seabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-sgabios-8-53.1 openSUSE Tumbleweed:qemu-skiboot-7.0.0-53.1 openSUSE Tumbleweed:qemu-tools-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-curses-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-dbus-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-gtk-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-opengl-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-app-7.0.0-53.1 openSUSE Tumbleweed:qemu-ui-spice-core-7.0.0-53.1 openSUSE Tumbleweed:qemu-vgabios-1.16.0_0_gd239552-53.1 openSUSE Tumbleweed:qemu-vhost-user-gpu-7.0.0-53.1 openSUSE Tumbleweed:qemu-x86-7.0.0-53.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-35414.html CVE-2022-35414 https://bugzilla.suse.com/1201367 SUSE Bug 1201367