Red Hat 8937 Published by

A qemu-kvm security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 9.



RHSA-2022:7967-01: Moderate: qemu-kvm security, bug fix, and enhancement update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: qemu-kvm security, bug fix, and enhancement update
Advisory ID: RHSA-2022:7967-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2022:7967
Issue date: 2022-11-15
CVE Names: CVE-2021-3507 CVE-2021-3611 CVE-2021-3750
CVE-2021-4158
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version:
qemu-kvm (7.0.0). (BZ#2064757)

Security Fix(es):

* QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
(CVE-2021-3750)

* QEMU: fdc: heap buffer overflow in DMA read data transfers
(CVE-2021-3507)

* QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)

* QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c
(CVE-2021-4158)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (  https://bugzilla.redhat.com/):

1477099 - virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)
1708300 - RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN
1879437 - Qemu coredump when refreshing block limits on an actively used iothread block device [rhel.9]
1904267 - Q35: Support SMBIOS 3.0 Entry Point Type
1951118 - CVE-2021-3507 QEMU: fdc: heap buffer overflow in DMA read data transfers
1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
1973784 - CVE-2021-3611 QEMU: intel-hda: segmentation fault due to stack overflow
1982600 - qemu-kvm -help reports -spice despite not being compiled
1995710 - RFE: Allow virtio-scsi CD-ROM media change with IOThreads
1999073 - CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
2020993 - 'qemu-img convert' to Qcow2 Images over RBD Failed
2023977 - Duplicate SMBIOS handles when creating large VMs
2026955 - RFE: set default resolution/EDID info to a more sensible modern size like 1280x800 (WXGA)
2035002 - CVE-2021-4158 QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c
2037612 - [Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region
2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
2044162 - [RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU
2046029 - [WRB] New machine type property - dtb-kaslr-seed
2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
2062809 - Guest can not start with SLIC acpi table [rhel-9.1.0]
2062813 - Mark all RHEL-8 and earlier machine types as deprecated [rhel-9.1.0]
2062817 - Missing qemu-kvm-block-ssh obsolete breaks upgrade path [rhel-9.1.0]
2062819 - Broken upgrade path due to qemu-kvm-hw-usbredir rename [rhel-9.1.0]
2062828 - [virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device [rhel-9.1.0]
2064500 - Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1
2064530 - Rebuild qemu-kvm with clang-14
2064757 - Rebase to QEMU 7.0.0
2064771 - Update machine type compatibility for QEMU 7.0.0 update [x86_64]
2064782 - Update machine type compatibility for QEMU 7.0.0 update [s390x]
2065398 - watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843] [rhel-9.1.0]
2066824 - Aarch64: Drop unsupported CPU types
2070804 - PXE boot crash qemu when using multiqueue vDPA
2072379 - Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)
2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
2079938 - qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory
2081022 - Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes
2086262 - [Win11][tpm]vfio_listener_region_del received unaligned region
2094252 - Compile the virtio-iommu device on x86_64
2094270 - Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore
2095608 - Please correct the error message when try to start qemu with "-M kernel-irqchip=split"
2096143 - The migration port is not released if use it again for recovering postcopy migration
2099541 - qemu coredump with error Assertion `qemu_mutex_iothread_locked()' failed when repeatly hotplug/unplug disks in pause status
2099934 - Guest reboot on destination host after postcopy migration completed
2100106 - Fix virtio-iommu/vfio bypass
2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
2111994 - RHEL9: skey test in kvm_unit_test got failed
2112303 - virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions
2114060 - vDPA state restore support through control virtqueue in Qemu
2116876 - Fixes for vDPA control virtqueue support in Qemu
2120275 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
qemu-kvm-7.0.0-13.el9.src.rpm

aarch64:
qemu-guest-agent-7.0.0-13.el9.aarch64.rpm
qemu-guest-agent-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-img-7.0.0-13.el9.aarch64.rpm
qemu-img-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-7.0.0-13.el9.aarch64.rpm
qemu-kvm-audio-pa-7.0.0-13.el9.aarch64.rpm
qemu-kvm-audio-pa-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-block-curl-7.0.0-13.el9.aarch64.rpm
qemu-kvm-block-curl-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-block-rbd-7.0.0-13.el9.aarch64.rpm
qemu-kvm-block-rbd-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-common-7.0.0-13.el9.aarch64.rpm
qemu-kvm-common-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-core-7.0.0-13.el9.aarch64.rpm
qemu-kvm-core-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-debugsource-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-gl-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-gl-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-gl-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-usb-host-7.0.0-13.el9.aarch64.rpm
qemu-kvm-device-usb-host-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-docs-7.0.0-13.el9.aarch64.rpm
qemu-kvm-tests-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-kvm-tools-7.0.0-13.el9.aarch64.rpm
qemu-kvm-tools-debuginfo-7.0.0-13.el9.aarch64.rpm
qemu-pr-helper-7.0.0-13.el9.aarch64.rpm
qemu-pr-helper-debuginfo-7.0.0-13.el9.aarch64.rpm

ppc64le:
qemu-guest-agent-7.0.0-13.el9.ppc64le.rpm
qemu-guest-agent-debuginfo-7.0.0-13.el9.ppc64le.rpm
qemu-img-7.0.0-13.el9.ppc64le.rpm
qemu-img-debuginfo-7.0.0-13.el9.ppc64le.rpm
qemu-kvm-debuginfo-7.0.0-13.el9.ppc64le.rpm
qemu-kvm-debugsource-7.0.0-13.el9.ppc64le.rpm

s390x:
qemu-guest-agent-7.0.0-13.el9.s390x.rpm
qemu-guest-agent-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-img-7.0.0-13.el9.s390x.rpm
qemu-img-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-7.0.0-13.el9.s390x.rpm
qemu-kvm-audio-pa-7.0.0-13.el9.s390x.rpm
qemu-kvm-audio-pa-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-block-curl-7.0.0-13.el9.s390x.rpm
qemu-kvm-block-curl-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-block-rbd-7.0.0-13.el9.s390x.rpm
qemu-kvm-block-rbd-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-common-7.0.0-13.el9.s390x.rpm
qemu-kvm-common-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-core-7.0.0-13.el9.s390x.rpm
qemu-kvm-core-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-debugsource-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-display-virtio-gpu-ccw-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-display-virtio-gpu-ccw-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-display-virtio-gpu-gl-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-usb-host-7.0.0-13.el9.s390x.rpm
qemu-kvm-device-usb-host-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-docs-7.0.0-13.el9.s390x.rpm
qemu-kvm-tests-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-kvm-tools-7.0.0-13.el9.s390x.rpm
qemu-kvm-tools-debuginfo-7.0.0-13.el9.s390x.rpm
qemu-pr-helper-7.0.0-13.el9.s390x.rpm
qemu-pr-helper-debuginfo-7.0.0-13.el9.s390x.rpm

x86_64:
qemu-guest-agent-7.0.0-13.el9.x86_64.rpm
qemu-guest-agent-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-img-7.0.0-13.el9.x86_64.rpm
qemu-img-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-7.0.0-13.el9.x86_64.rpm
qemu-kvm-audio-pa-7.0.0-13.el9.x86_64.rpm
qemu-kvm-audio-pa-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-block-curl-7.0.0-13.el9.x86_64.rpm
qemu-kvm-block-curl-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-block-rbd-7.0.0-13.el9.x86_64.rpm
qemu-kvm-block-rbd-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-common-7.0.0-13.el9.x86_64.rpm
qemu-kvm-common-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-core-7.0.0-13.el9.x86_64.rpm
qemu-kvm-core-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-debugsource-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-gl-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-gl-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-gl-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-gl-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-vga-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-vga-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-vga-gl-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-display-virtio-vga-gl-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-usb-host-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-usb-host-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-usb-redirect-7.0.0-13.el9.x86_64.rpm
qemu-kvm-device-usb-redirect-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-docs-7.0.0-13.el9.x86_64.rpm
qemu-kvm-tests-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-tools-7.0.0-13.el9.x86_64.rpm
qemu-kvm-tools-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-ui-egl-headless-7.0.0-13.el9.x86_64.rpm
qemu-kvm-ui-egl-headless-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-kvm-ui-opengl-7.0.0-13.el9.x86_64.rpm
qemu-kvm-ui-opengl-debuginfo-7.0.0-13.el9.x86_64.rpm
qemu-pr-helper-7.0.0-13.el9.x86_64.rpm
qemu-pr-helper-debuginfo-7.0.0-13.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2021-3507
  https://access.redhat.com/security/cve/CVE-2021-3611
  https://access.redhat.com/security/cve/CVE-2021-3750
  https://access.redhat.com/security/cve/CVE-2021-4158
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.