Red Hat 8833 Published by

A qemu-kvm security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 9.



RHSA-2023:2162-01: Moderate: qemu-kvm security, bug fix, and enhancement update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: qemu-kvm security, bug fix, and enhancement update
Advisory ID: RHSA-2023:2162-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2023:2162
Issue date: 2023-05-09
CVE Names: CVE-2022-3165 CVE-2022-4172
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

The following packages have been upgraded to a later upstream version:
qemu-kvm (7.2.0). (BZ#2111769, BZ#2135806)

Security Fix(es):

* QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU
exhaustion (CVE-2022-3165)

* QEMU: ACPI ERST: memory corruption issues in read_erst_record and
write_erst_record (CVE-2022-4172)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (  https://bugzilla.redhat.com/):

1860292 - RFE: add extent_size_hint information to qemu-img info
1905805 - support config interrupt in vhost-vdpa qemu
1963845 - QEMU quit if set nvdimm memory backend option readonly=on
1979276 - SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on
1983208 - i386/pc: Fix creation of >= 1Tb guests on AMD systems with IOMMU
1983493 - Qemu should prompt fatal error and quit with an unsupported audiodev
1986665 - [Fwcfg64] dump-guest-memory -w command report error "win-dump: failed to read CPU #2 ContextFrame location" on Windows desktop
2074000 - Make memory preallocation threads NUMA aware
2077376 - [RFE] Add support for 32-bit guest Windows dump with vmcoreinfo (fwcfg) via 'dump-guest-memory -w'
2086980 - Please Update The Error Info More Clearly When Creating Images Over RBD with The Namespace Not Existing
2087155 - Guest will get stuck at "Reached target Basic System" if insert the virtio-iommu device in pcie-root-port
2091166 - Q35: dmidecode doesn't display number of cpus (>255) correctly
2108531 - Windows guest reboot after migration with wsl2 installed inside
2108923 - [RHEL.9.2] Display a deprecation message in '-cpu help' for deprecated CPU models
2111769 - Rebase to QEMU 7.1.0
2113840 - [RHEL9.2] Memory mapping optimization for virt machine
2116496 - Can't run when memory backing with hugepages and backend type memfd
2120480 - guest with tpm crashed when executing memory dump to kdump-zlib_format
2121430 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.2.0]
2122788 - virtio-net TX stall after packet bursts (probably in qemu)
2123297 - Mirror job with "copy-mode":"write-blocking" that used for storage migration can't converge under heavy I/O
2124446 - Can not copy/paste from host to guest after restart spice-vdagentd.service
2124856 - VM with virtio interface and iommu=on will crash when try to migrate
2126095 - [rhel9.2][intel_iommu]Booting guest with "-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on" causes kernel call trace
2127825 - Use capstone for qemu-kvm build
2128222 - VDUSE block export should be disabled in builds for now
2128235 - [s390x][RHEL9] [s390x-ccw bios] lacking document about parameter loadparm in qemu
2129739 - CVE-2022-3165 QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
2131982 - Add rhel-9.2.0 arm virt machine type
2135806 - Rebase to QEMU 7.2 for RHEL 9.2.0
2136473 - Add rhel-9.2.0 s390x machine type
2136797 - qemu crash when taking screenshot with png format
2137327 - Add rhel-9.2.0 x86_64 machine type
2137330 - RFE: guest agent 'guest-get-diskstats' api support
2137332 - RFE: guest agent 'guest-get-cpustats' api support
2138242 - zero-copy-send patches to RHEL9.2
2141088 - vDPA SVQ guest announce support
2141218 - qemu-kvm build fails with clang 15.0.1 due to false unused variable error
2143584 - Update machine type compatibility for QEMU 7.2.0 update [aarch64]
2143585 - Update machine type compatibility for QEMU 7.2.0 update [s390x]
2144367 - [guest-agent]NVMe SMART support for Linux
2144436 - usb device cannot be found in VM when starting VM with a usb-redir device
2148352 - [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite
2149022 - qemu-kvm: Missing dependencies between devices
2149105 - CVE-2022-4172 QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record
2149191 - [RFE][guest-agent] - USB bus type support
2150180 - qemu-img finishes successfully while having errors in commit or bitmaps operations
2152977 - RFE: support live migrating TPM state to a target that shares storage with the source
2154640 - [aarch64] qemu fails to load "efi-virtio.rom" romfile when creating virtio-net-pci
2155112 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)
2155173 - [vhost-user] unable to start vhost net: 71: falling back on userspace
2155748 - qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed
2155749 - [regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X
2156515 - [guest-agent] Replace '-blacklist' with '-block-rpcs' in qemu-ga config file
2156876 - [virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)
2158704 - RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall
2159408 - [s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8
2162569 - [transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2
2168209 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)
2169232 - RFE: reconnect option for stream socket back-end
2169732 - Multifd migration fails under a weak network/socket ordering race
2169904 - [SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022
2173590 - bugs in emulation of BMI instructions (for libguestfs without KVM)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
qemu-kvm-7.2.0-14.el9_2.src.rpm

aarch64:
qemu-guest-agent-7.2.0-14.el9_2.aarch64.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-img-7.2.0-14.el9_2.aarch64.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-audio-pa-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-curl-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-rbd-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-common-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-common-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-core-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-core-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-usb-host-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-docs-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-tools-7.2.0-14.el9_2.aarch64.rpm
qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.aarch64.rpm
qemu-pr-helper-7.2.0-14.el9_2.aarch64.rpm
qemu-pr-helper-debuginfo-7.2.0-14.el9_2.aarch64.rpm

ppc64le:
qemu-guest-agent-7.2.0-14.el9_2.ppc64le.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.ppc64le.rpm
qemu-img-7.2.0-14.el9_2.ppc64le.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.ppc64le.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.ppc64le.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.ppc64le.rpm

s390x:
qemu-guest-agent-7.2.0-14.el9_2.s390x.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-img-7.2.0-14.el9_2.s390x.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-audio-pa-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-curl-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-rbd-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-common-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-common-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-core-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-core-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-ccw-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-ccw-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-usb-host-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-docs-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-tools-7.2.0-14.el9_2.s390x.rpm
qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.s390x.rpm
qemu-pr-helper-7.2.0-14.el9_2.s390x.rpm
qemu-pr-helper-debuginfo-7.2.0-14.el9_2.s390x.rpm

x86_64:
qemu-guest-agent-7.2.0-14.el9_2.x86_64.rpm
qemu-guest-agent-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-img-7.2.0-14.el9_2.x86_64.rpm
qemu-img-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-audio-pa-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-curl-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-rbd-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-common-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-common-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-core-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-core-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-debugsource-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-vga-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-display-virtio-vga-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-host-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-redirect-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-device-usb-redirect-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-docs-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-tools-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-egl-headless-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-egl-headless-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-opengl-7.2.0-14.el9_2.x86_64.rpm
qemu-kvm-ui-opengl-debuginfo-7.2.0-14.el9_2.x86_64.rpm
qemu-pr-helper-7.2.0-14.el9_2.x86_64.rpm
qemu-pr-helper-debuginfo-7.2.0-14.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2022-3165
  https://access.redhat.com/security/cve/CVE-2022-4172
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.