Moderate: qemu-kvm security, bug fix, and enhancement update

Related Vulnerabilities: CVE-2022-3165, CVE-2022-4172

Synopsis

Moderate: qemu-kvm security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version: qemu-kvm (7.2.0). (BZ#2111769, BZ#2135806)

Security Fix(es):

  • QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion (CVE-2022-3165)
  • QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record (CVE-2022-4172)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
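
To confirm that every guest has actually been restarted, the following added example (not part of the Red Hat advisory) lists QEMU processes still executing the binary that the update replaced on disk, which Linux reports as a "(deleted)" target of /proc/PID/exe. The function names are hypothetical; it assumes the emulator path contains "qemu-kvm" and that guests were started with a libvirt-style "-name guest=NAME" argument.

```shell
#!/bin/sh
# Added example: find guests still running the pre-update qemu-kvm binary.
# Assumption: the emulator binary name contains "qemu-kvm".

# guest_name CMDLINE_FILE
# Print the value that follows "-name" in a NUL-separated /proc/PID/cmdline,
# reduced to the guest= field when present (libvirt-style, an assumption).
guest_name() {
    tr '\0' '\n' < "$1" | awk '
        prev == "-name" {
            n = $0
            if (match(n, /guest=[^,]*/)) n = substr(n, RSTART + 6, RLENGTH - 6)
            else sub(/,.*/, "", n)
            print n; exit
        }
        { prev = $0 }'
}

# stale_qemu [PROC_ROOT]
# Print "PID NAME" for each qemu-kvm process whose exe link ends in
# " (deleted)", meaning the file it runs from was replaced by the update.
stale_qemu() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Unreadable or missing links (other users, exited PIDs) are skipped.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *qemu-kvm*" (deleted)")
                name=$(guest_name "$dir/cmdline" 2>/dev/null)
                printf '%s %s\n' "${dir##*/}" "${name:-unknown}"
                ;;
        esac
    done
}

# Scan the live system only when asked to, so the functions can be sourced.
if [ "${1:-}" = "--scan" ]; then
    stale_qemu /proc
fi
```

Run it as root with `--scan` on the hypervisor; each line printed is a guest that still needs to be shut down and started again, and no output means no stale QEMU process was found.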

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 1860292 - RFE: add extent_size_hint information to qemu-img info
  • BZ - 1905805 - support config interrupt in vhost-vdpa qemu
  • BZ - 1963845 - QEMU quit if set nvdimm memory backend option readonly=on
  • BZ - 1979276 - SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on
  • BZ - 1983208 - i386/pc: Fix creation of >= 1Tb guests on AMD systems with IOMMU
  • BZ - 1983493 - Qemu should prompt fatal error and quit with an unsupported audiodev
  • BZ - 1986665 - [Fwcfg64] dump-guest-memory -w command report error "win-dump: failed to read CPU #2 ContextFrame location" on Windows desktop
  • BZ - 2074000 - Make memory preallocation threads NUMA aware
  • BZ - 2077376 - [RFE] Add support for 32-bit guest Windows dump with vmcoreinfo (fwcfg) via 'dump-guest-memory -w'
  • BZ - 2086980 - Please Update The Error Info More Clearly When Creating Images Over RBD with The Namespace Not Existing
  • BZ - 2087155 - Guest will get stuck at "Reached target Basic System" if insert the virtio-iommu device in pcie-root-port
  • BZ - 2091166 - Q35: dmidecode doesn't display number of cpus (>255) correctly
  • BZ - 2108531 - Windows guest reboot after migration with wsl2 installed inside
  • BZ - 2108923 - [RHEL.9.2] Display a deprecation message in '-cpu help' for deprecated CPU models
  • BZ - 2111769 - Rebase to QEMU 7.1.0
  • BZ - 2113840 - [RHEL9.2] Memory mapping optimization for virt machine
  • BZ - 2116496 - Can't run when memory backing with hugepages and backend type memfd
  • BZ - 2120480 - guest with tpm crashed when executing memory dump to kdump-zlib_format
  • BZ - 2121430 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.2.0]
  • BZ - 2122788 - virtio-net TX stall after packet bursts (probably in qemu)
  • BZ - 2123297 - Mirror job with "copy-mode":"write-blocking" that used for storage migration can't converge under heavy I/O
  • BZ - 2124446 - Can not copy/paste from host to guest after restart spice-vdagentd.service
  • BZ - 2124856 - VM with virtio interface and iommu=on will crash when try to migrate
  • BZ - 2126095 - [rhel9.2][intel_iommu]Booting guest with "-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on" causes kernel call trace
  • BZ - 2127825 - Use capstone for qemu-kvm build
  • BZ - 2128222 - VDUSE block export should be disabled in builds for now
  • BZ - 2128235 - [s390x][RHEL9] [s390x-ccw bios] lacking document about parameter loadparm in qemu
  • BZ - 2129739 - CVE-2022-3165 QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
  • BZ - 2131982 - Add rhel-9.2.0 arm virt machine type
  • BZ - 2135806 - Rebase to QEMU 7.2 for RHEL 9.2.0
  • BZ - 2136473 - Add rhel-9.2.0 s390x machine type
  • BZ - 2136797 - qemu crash when taking screenshot with png format
  • BZ - 2137327 - Add rhel-9.2.0 x86_64 machine type
  • BZ - 2137330 - RFE: guest agent 'guest-get-diskstats' api support
  • BZ - 2137332 - RFE: guest agent 'guest-get-cpustats' api support
  • BZ - 2138242 - zero-copy-send patches to RHEL9.2
  • BZ - 2141088 - vDPA SVQ guest announce support
  • BZ - 2141218 - qemu-kvm build fails with clang 15.0.1 due to false unused variable error
  • BZ - 2143584 - Update machine type compatibility for QEMU 7.2.0 update [aarch64]
  • BZ - 2143585 - Update machine type compatibility for QEMU 7.2.0 update [s390x]
  • BZ - 2144367 - [guest-agent]NVMe SMART support for Linux
  • BZ - 2144436 - usb device cannot be found in VM when starting VM with a usb-redir device
  • BZ - 2148352 - [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite
  • BZ - 2149022 - qemu-kvm: Missing dependencies between devices
  • BZ - 2149105 - CVE-2022-4172 QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record
  • BZ - 2149191 - [RFE][guest-agent] - USB bus type support
  • BZ - 2150180 - qemu-img finishes successfully while having errors in commit or bitmaps operations
  • BZ - 2152977 - RFE: support live migrating TPM state to a target that shares storage with the source
  • BZ - 2154640 - [aarch64] qemu fails to load "efi-virtio.rom" romfile when creating virtio-net-pci
  • BZ - 2155112 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)
  • BZ - 2155173 - [vhost-user] unable to start vhost net: 71: falling back on userspace
  • BZ - 2155748 - qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed
  • BZ - 2155749 - [regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X
  • BZ - 2156515 - [guest-agent] Replace '-blacklist' with '-block-rpcs' in qemu-ga config file
  • BZ - 2156876 - [virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)
  • BZ - 2158704 - RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall
  • BZ - 2159408 - [s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8
  • BZ - 2162569 - [transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2
  • BZ - 2168209 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)
  • BZ - 2169232 - RFE: reconnect option for stream socket back-end
  • BZ - 2169732 - Multifd migration fails under a weak network/socket ordering race
  • BZ - 2169904 - [SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022
  • BZ - 2173590 - bugs in emulation of BMI instructions (for libguestfs without KVM)