Threat Encyclopedia

RHSA-2022:1759-Security Advisory

Description

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

The following packages have been upgraded to a later upstream version: qemu-kvm (6.2.0), libvirt (8.0.0), libvirt-python (8.0.0), perl-Sys-Virt (8.0.0), seabios (1.15.0), libtpms (0.9.1). (BZ#1997410, BZ#2012802, BZ#2012806, BZ#2012813, BZ#2018392, BZ#2027716, BZ#2029355)

Security Fix(es):

- QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu (CVE-2021-3748)
- ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records (CVE-2021-33285)
- ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)
- ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes (CVE-2021-33287)
- ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)
- ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)
- ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections (CVE-2021-35267)
- ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode (CVE-2021-35268)
- ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT (CVE-2021-35269)
- ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)
- ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)
- ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)
- ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize() (CVE-2021-39254)
- ntfs-3g: Out-of-bounds read in ntfs_attr_find_in_attrdef() triggered by an invalid attribute (CVE-2021-39255)
- ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)
- ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)
- ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)
- ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length (CVE-2021-39259)
- ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)
- ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)
- ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)
- ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute (CVE-2021-39263)
- libnbd: nbdcopy: missing error handling may create corrupted destination image (CVE-2022-0485)
- hivex: stack overflow due to recursive call of _get_children() (CVE-2021-3622)
- nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS (CVE-2021-3716)
- libvirt: segmentation fault during VM shutdown can lead to vdsm hang (CVE-2021-3975)
- QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c (CVE-2021-4145)
- QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)
- QEMU: block: fdc: null pointer dereference may lead to guest crash (CVE-2021-20196)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Applications

seabios
