Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2021-2046)

The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2021-2046 advisory.

An out-of-bounds access flaw was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user or process may use this flaw to crash the QEMU process resulting in a denial of service.(CVE-2020-13754) hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.(CVE-2020-25743) pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.(CVE-2020-25742) QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.(CVE-2020-25085) The patch for CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the SDHCI controller emulation code of QEMU, was found to be incomplete. A malicious privileged guest could reproduce the same issues with specially crafted input, inducing a bogus transfer and subsequent out-of-bounds read/write access in sdhci_do_adma() or sdhci_sdma_transfer_multi_blocks(). CVE-2021-3409 was assigned to facilitate the tracking and backporting of the new patch.(CVE-2021-3409) A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.(CVE-2021-3392) A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.(CVE-2021-3416)

'qemu-kvm' package(s) on Huawei EulerOS Virtualization 3.0.6.6.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).