Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-27616 (GCVE-0-2020-27616)
Vulnerability from cvelistv5
Published
2020-11-06 07:48
Modified
2024-08-04 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
References
| ► | URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T11:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/11/03/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201202-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27616",
"datePublished": "2020-11-06T07:48:01",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-27616\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-06T08:15:13.737\",\"lastModified\":\"2024-11-21T05:21:28.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ati_2d_blt en el archivo hw/display/ati_2d.c en QEMU versi\u00f3n 4.2.1, puede encontrar una situaci\u00f3n fuera de l\u00edmites en un c\u00e1lculo.\u0026#xa0;Un invitado puede bloquear el proceso QEMU\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-682\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F4C2DFD-6E58-4B5D-B2B1-F69A2BF35488\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/03/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20201202-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/03/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20201202-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
wid-sec-w-2022-1270
Vulnerability from csaf_certbund
Published
2020-11-02 23:00
Modified
2024-09-02 22:00
Summary
QEMU: Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1270 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1270.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1270 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1270"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1240-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008648.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1243-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008646.html"
},
{
"category": "external",
"summary": "Mailing list OSS-Security vom 2020-11-02",
"url": "http://seclists.org/oss-sec/2020/q4/86"
},
{
"category": "external",
"summary": "Mailing list OSS-Security vom 2020-11-02",
"url": "http://seclists.org/oss-sec/2020/q4/89"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1245-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008647.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1244-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008650.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1242-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008652.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1241-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008649.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4650-1 vom 2020-11-30",
"url": "https://ubuntu.com/security/notices/USN-4650-1"
},
{
"category": "external",
"summary": "F5 Security Advisory K41142448 vom 2020-12-02",
"url": "https://support.f5.com/csp/article/K41142448"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1305-1 vom 2021-04-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008671.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9034 vom 2021-02-05",
"url": "https://linux.oracle.com/errata/ELSA-2021-9034.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9104 vom 2021-03-12",
"url": "https://linux.oracle.com/errata/ELSA-2021-9104.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9109 vom 2021-03-16",
"url": "https://linux.oracle.com/errata/ELSA-2021-9109.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3061 vom 2021-08-10",
"url": "https://access.redhat.com/errata/RHSA-2021:3061"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-3061 vom 2021-08-13",
"url": "https://linux.oracle.com/errata/ELSA-2021-3061.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3099 vom 2022-09-05",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
}
],
"source_lang": "en-US",
"title": "QEMU: Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-09-02T22:00:00.000+00:00",
"generator": {
"date": "2024-09-03T08:15:54.162+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2022-1270",
"initial_release_date": "2020-11-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-11-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-11-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-12-01T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2021-02-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-03-11T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-03-15T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-04-18T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-22T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-08-10T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-12T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-09-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source QEMU",
"product": {
"name": "Open Source QEMU",
"product_id": "185878",
"product_identification_helper": {
"cpe": "cpe:/a:qemu:qemu:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27616",
"notes": [
{
"category": "description",
"text": "Es gibt mehrere Schwachstellen in QEMU aufgrund von Fehlern in den Netzwerkhelfer-Funktionen im Zusammenhang mit der Funktion \"eth_get_gso_type()\" und im ati-vga Emulator. Ein Angreifer aus einer Gast-VM kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand im QEMU-Host-Prozess herbeif\u00fchren."
}
],
"product_status": {
"known_affected": [
"185878",
"2951",
"T002207",
"67646",
"T000126",
"T001663",
"T004914"
]
},
"release_date": "2020-11-02T23:00:00.000+00:00",
"title": "CVE-2020-27616"
},
{
"cve": "CVE-2020-27617",
"notes": [
{
"category": "description",
"text": "Es gibt mehrere Schwachstellen in QEMU aufgrund von Fehlern in den Netzwerkhelfer-Funktionen im Zusammenhang mit der Funktion \"eth_get_gso_type()\" und im ati-vga Emulator. Ein Angreifer aus einer Gast-VM kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand im QEMU-Host-Prozess herbeif\u00fchren."
}
],
"product_status": {
"known_affected": [
"185878",
"2951",
"T002207",
"67646",
"T000126",
"T001663",
"T004914"
]
},
"release_date": "2020-11-02T23:00:00.000+00:00",
"title": "CVE-2020-27617"
}
]
}
ghsa-7r3q-28jv-xmcr
Vulnerability from github
Published
2022-05-24 17:33
Modified
2022-05-24 17:33
VLAI Severity ?
Details
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
{
"affected": [],
"aliases": [
"CVE-2020-27616"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-06T08:15:00Z",
"severity": "MODERATE"
},
"details": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.",
"id": "GHSA-7r3q-28jv-xmcr",
"modified": "2022-05-24T17:33:19Z",
"published": "2022-05-24T17:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27616"
},
{
"type": "WEB",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201202-0002"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
}
],
"schema_version": "1.4.0",
"severity": []
}
opensuse-su-2021:0600-1
Vulnerability from csaf_opensuse
Published
2021-04-23 10:46
Modified
2021-04-23 10:46
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)
- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)
- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)
- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)
- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)
- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)
- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)
- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)
- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)
- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)
- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)
- CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)
- CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)
- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)
- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)
- Added a few more usability improvements for our git packaging workflow
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames
openSUSE-2021-600
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\n- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)\n- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)\n- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)\n- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)\n- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)\n- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)\n- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)\n- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)\n- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)\n- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)\n- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)\n- CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)\n- CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)\n- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)\n- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)\n- Added a few more usability improvements for our git packaging workflow\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-600",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0600-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0600-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATYM36RK6JXDXZ33F2KFHZHDZ3F3YD24/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0600-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATYM36RK6JXDXZ33F2KFHZHDZ3F3YD24/"
},
{
"category": "self",
"summary": "SUSE Bug 1172385",
"url": "https://bugzilla.suse.com/1172385"
},
{
"category": "self",
"summary": "SUSE Bug 1173612",
"url": "https://bugzilla.suse.com/1173612"
},
{
"category": "self",
"summary": "SUSE Bug 1176673",
"url": "https://bugzilla.suse.com/1176673"
},
{
"category": "self",
"summary": "SUSE Bug 1176682",
"url": "https://bugzilla.suse.com/1176682"
},
{
"category": "self",
"summary": "SUSE Bug 1176684",
"url": "https://bugzilla.suse.com/1176684"
},
{
"category": "self",
"summary": "SUSE Bug 1178174",
"url": "https://bugzilla.suse.com/1178174"
},
{
"category": "self",
"summary": "SUSE Bug 1178400",
"url": "https://bugzilla.suse.com/1178400"
},
{
"category": "self",
"summary": "SUSE Bug 1178934",
"url": "https://bugzilla.suse.com/1178934"
},
{
"category": "self",
"summary": "SUSE Bug 1179466",
"url": "https://bugzilla.suse.com/1179466"
},
{
"category": "self",
"summary": "SUSE Bug 1179467",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "self",
"summary": "SUSE Bug 1179468",
"url": "https://bugzilla.suse.com/1179468"
},
{
"category": "self",
"summary": "SUSE Bug 1179686",
"url": "https://bugzilla.suse.com/1179686"
},
{
"category": "self",
"summary": "SUSE Bug 1181108",
"url": "https://bugzilla.suse.com/1181108"
},
{
"category": "self",
"summary": "SUSE Bug 1182425",
"url": "https://bugzilla.suse.com/1182425"
},
{
"category": "self",
"summary": "SUSE Bug 1182577",
"url": "https://bugzilla.suse.com/1182577"
},
{
"category": "self",
"summary": "SUSE Bug 1182968",
"url": "https://bugzilla.suse.com/1182968"
},
{
"category": "self",
"summary": "SUSE Bug 1184064",
"url": "https://bugzilla.suse.com/1184064"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12829 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15469 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25084 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25624 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25625 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25723 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27616 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27617 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27821 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28916 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29129 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29130 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29443 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20257 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3416/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2021-04-23T10:46:42Z",
"generator": {
"date": "2021-04-23T10:46:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0600-1",
"initial_release_date": "2021-04-23T10:46:42Z",
"revision_history": [
{
"date": "2021-04-23T10:46:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"product": {
"name": "qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"product_id": "qemu-microvm-4.2.1-lp152.9.12.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"product": {
"name": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"product_id": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-lp152.9.12.1.noarch",
"product": {
"name": "qemu-sgabios-8-lp152.9.12.1.noarch",
"product_id": "qemu-sgabios-8-lp152.9.12.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"product": {
"name": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"product_id": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-arm-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-extra-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-lang-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-s390-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-tools-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-lp152.9.12.1.x86_64",
"product": {
"name": "qemu-x86-4.2.1-lp152.9.12.1.x86_64",
"product_id": "qemu-x86-4.2.1-lp152.9.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-extra-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-microvm-4.2.1-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch"
},
"product_reference": "qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch"
},
"product_reference": "qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch"
},
"product_reference": "qemu-sgabios-8-lp152.9.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch"
},
"product_reference": "qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-4.2.1-lp152.9.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
},
"product_reference": "qemu-x86-4.2.1-lp152.9.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12829"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12829",
"url": "https://www.suse.com/security/cve/CVE-2020-12829"
},
{
"category": "external",
"summary": "SUSE Bug 1172385 for CVE-2020-12829",
"url": "https://bugzilla.suse.com/1172385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-12829"
},
{
"cve": "CVE-2020-15469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15469"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15469",
"url": "https://www.suse.com/security/cve/CVE-2020-15469"
},
{
"category": "external",
"summary": "SUSE Bug 1173612 for CVE-2020-15469",
"url": "https://bugzilla.suse.com/1173612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15469"
},
{
"cve": "CVE-2020-25084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25084"
}
],
"notes": [
{
"category": "general",
"text": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25084",
"url": "https://www.suse.com/security/cve/CVE-2020-25084"
},
{
"category": "external",
"summary": "SUSE Bug 1176673 for CVE-2020-25084",
"url": "https://bugzilla.suse.com/1176673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-25084"
},
{
"cve": "CVE-2020-25624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25624"
}
],
"notes": [
{
"category": "general",
"text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25624",
"url": "https://www.suse.com/security/cve/CVE-2020-25624"
},
{
"category": "external",
"summary": "SUSE Bug 1176682 for CVE-2020-25624",
"url": "https://bugzilla.suse.com/1176682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-25624"
},
{
"cve": "CVE-2020-25625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25625"
}
],
"notes": [
{
"category": "general",
"text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25625",
"url": "https://www.suse.com/security/cve/CVE-2020-25625"
},
{
"category": "external",
"summary": "SUSE Bug 1176684 for CVE-2020-25625",
"url": "https://bugzilla.suse.com/1176684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "low"
}
],
"title": "CVE-2020-25625"
},
{
"cve": "CVE-2020-25723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25723"
}
],
"notes": [
{
"category": "general",
"text": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25723",
"url": "https://www.suse.com/security/cve/CVE-2020-25723"
},
{
"category": "external",
"summary": "SUSE Bug 1178934 for CVE-2020-25723",
"url": "https://bugzilla.suse.com/1178934"
},
{
"category": "external",
"summary": "SUSE Bug 1178935 for CVE-2020-25723",
"url": "https://bugzilla.suse.com/1178935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "low"
}
],
"title": "CVE-2020-25723"
},
{
"cve": "CVE-2020-27616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27616"
}
],
"notes": [
{
"category": "general",
"text": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27616",
"url": "https://www.suse.com/security/cve/CVE-2020-27616"
},
{
"category": "external",
"summary": "SUSE Bug 1178400 for CVE-2020-27616",
"url": "https://bugzilla.suse.com/1178400"
},
{
"category": "external",
"summary": "SUSE Bug 1188609 for CVE-2020-27616",
"url": "https://bugzilla.suse.com/1188609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "low"
}
],
"title": "CVE-2020-27616"
},
{
"cve": "CVE-2020-27617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27617"
}
],
"notes": [
{
"category": "general",
"text": "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27617",
"url": "https://www.suse.com/security/cve/CVE-2020-27617"
},
{
"category": "external",
"summary": "SUSE Bug 1178174 for CVE-2020-27617",
"url": "https://bugzilla.suse.com/1178174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-27617"
},
{
"cve": "CVE-2020-27821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27821"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27821",
"url": "https://www.suse.com/security/cve/CVE-2020-27821"
},
{
"category": "external",
"summary": "SUSE Bug 1179686 for CVE-2020-27821",
"url": "https://bugzilla.suse.com/1179686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-27821"
},
{
"cve": "CVE-2020-28916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28916"
}
],
"notes": [
{
"category": "general",
"text": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28916",
"url": "https://www.suse.com/security/cve/CVE-2020-28916"
},
{
"category": "external",
"summary": "SUSE Bug 1178683 for CVE-2020-28916",
"url": "https://bugzilla.suse.com/1178683"
},
{
"category": "external",
"summary": "SUSE Bug 1179468 for CVE-2020-28916",
"url": "https://bugzilla.suse.com/1179468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-28916"
},
{
"cve": "CVE-2020-29129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29129"
}
],
"notes": [
{
"category": "general",
"text": "ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29129",
"url": "https://www.suse.com/security/cve/CVE-2020-29129"
},
{
"category": "external",
"summary": "SUSE Bug 1179466 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179466"
},
{
"category": "external",
"summary": "SUSE Bug 1179467 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "external",
"summary": "SUSE Bug 1179477 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179477"
},
{
"category": "external",
"summary": "SUSE Bug 1179484 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-29129"
},
{
"cve": "CVE-2020-29130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29130"
}
],
"notes": [
{
"category": "general",
"text": "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29130",
"url": "https://www.suse.com/security/cve/CVE-2020-29130"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1179467 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "external",
"summary": "SUSE Bug 1179477 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1179477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-29130"
},
{
"cve": "CVE-2020-29443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29443"
}
],
"notes": [
{
"category": "general",
"text": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29443",
"url": "https://www.suse.com/security/cve/CVE-2020-29443"
},
{
"category": "external",
"summary": "SUSE Bug 1181108 for CVE-2020-29443",
"url": "https://bugzilla.suse.com/1181108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-29443"
},
{
"cve": "CVE-2021-20257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20257"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20257",
"url": "https://www.suse.com/security/cve/CVE-2021-20257"
},
{
"category": "external",
"summary": "SUSE Bug 1182577 for CVE-2021-20257",
"url": "https://bugzilla.suse.com/1182577"
},
{
"category": "external",
"summary": "SUSE Bug 1182846 for CVE-2021-20257",
"url": "https://bugzilla.suse.com/1182846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "low"
}
],
"title": "CVE-2021-20257"
},
{
"cve": "CVE-2021-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3416"
}
],
"notes": [
{
"category": "general",
"text": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3416",
"url": "https://www.suse.com/security/cve/CVE-2021-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1182968 for CVE-2021-3416",
"url": "https://bugzilla.suse.com/1182968"
},
{
"category": "external",
"summary": "SUSE Bug 1186473 for CVE-2021-3416",
"url": "https://bugzilla.suse.com/1186473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.12.1.noarch",
"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.12.1.x86_64",
"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:42Z",
"details": "low"
}
],
"title": "CVE-2021-3416"
}
]
}
fkie_cve-2020-27616
Vulnerability from fkie_nvd
Published
2020-11-06 08:15
Modified
2024-11-21 05:21
Severity ?
Summary
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/11/03/2 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20201202-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/11/03/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20201202-0002/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4C2DFD-6E58-4B5D-B2B1-F69A2BF35488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
},
{
"lang": "es",
"value": "La funci\u00f3n ati_2d_blt en el archivo hw/display/ati_2d.c en QEMU versi\u00f3n 4.2.1, puede encontrar una situaci\u00f3n fuera de l\u00edmites en un c\u00e1lculo.\u0026#xa0;Un invitado puede bloquear el proceso QEMU"
}
],
"id": "CVE-2020-27616",
"lastModified": "2024-11-21T05:21:28.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T08:15:13.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2021:1243-1
Vulnerability from csaf_suse
Published
2021-04-16 12:45
Modified
2021-04-16 12:45
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)
- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)
- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)
- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)
- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)
- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)
- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)
- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)
- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)
- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)
- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)
- CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)
- CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)
- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)
- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)
- Added a few more usability improvements for our git packaging workflow
Patchnames
SUSE-2021-1243,SUSE-SLE-Module-Basesystem-15-SP2-2021-1243,SUSE-SLE-Module-Server-Applications-15-SP2-2021-1243,SUSE-SUSE-MicroOS-5.0-2021-1243
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\n- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)\n- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)\n- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)\n- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)\n- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)\n- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)\n- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)\n- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)\n- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)\n- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)\n- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)\n- CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)\n- CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)\n- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)\n- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)\n- Added a few more usability improvements for our git packaging workflow\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1243,SUSE-SLE-Module-Basesystem-15-SP2-2021-1243,SUSE-SLE-Module-Server-Applications-15-SP2-2021-1243,SUSE-SUSE-MicroOS-5.0-2021-1243",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1243-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1243-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211243-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1243-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008646.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172385",
"url": "https://bugzilla.suse.com/1172385"
},
{
"category": "self",
"summary": "SUSE Bug 1173612",
"url": "https://bugzilla.suse.com/1173612"
},
{
"category": "self",
"summary": "SUSE Bug 1176673",
"url": "https://bugzilla.suse.com/1176673"
},
{
"category": "self",
"summary": "SUSE Bug 1176682",
"url": "https://bugzilla.suse.com/1176682"
},
{
"category": "self",
"summary": "SUSE Bug 1176684",
"url": "https://bugzilla.suse.com/1176684"
},
{
"category": "self",
"summary": "SUSE Bug 1178174",
"url": "https://bugzilla.suse.com/1178174"
},
{
"category": "self",
"summary": "SUSE Bug 1178400",
"url": "https://bugzilla.suse.com/1178400"
},
{
"category": "self",
"summary": "SUSE Bug 1178934",
"url": "https://bugzilla.suse.com/1178934"
},
{
"category": "self",
"summary": "SUSE Bug 1179466",
"url": "https://bugzilla.suse.com/1179466"
},
{
"category": "self",
"summary": "SUSE Bug 1179467",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "self",
"summary": "SUSE Bug 1179468",
"url": "https://bugzilla.suse.com/1179468"
},
{
"category": "self",
"summary": "SUSE Bug 1179686",
"url": "https://bugzilla.suse.com/1179686"
},
{
"category": "self",
"summary": "SUSE Bug 1181108",
"url": "https://bugzilla.suse.com/1181108"
},
{
"category": "self",
"summary": "SUSE Bug 1182425",
"url": "https://bugzilla.suse.com/1182425"
},
{
"category": "self",
"summary": "SUSE Bug 1182577",
"url": "https://bugzilla.suse.com/1182577"
},
{
"category": "self",
"summary": "SUSE Bug 1182968",
"url": "https://bugzilla.suse.com/1182968"
},
{
"category": "self",
"summary": "SUSE Bug 1184064",
"url": "https://bugzilla.suse.com/1184064"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12829 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15469 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25084 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25624 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25625 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25723 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27616 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27617 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27821 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28916 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29129 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29130 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29443 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20257 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3416/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2021-04-16T12:45:20Z",
"generator": {
"date": "2021-04-16T12:45:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1243-1",
"initial_release_date": "2021-04-16T12:45:20Z",
"revision_history": [
{
"date": "2021-04-16T12:45:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-4.2.1-11.16.3.aarch64",
"product_id": "qemu-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-arm-4.2.1-11.16.3.aarch64",
"product_id": "qemu-arm-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-audio-alsa-4.2.1-11.16.3.aarch64",
"product_id": "qemu-audio-alsa-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-audio-pa-4.2.1-11.16.3.aarch64",
"product_id": "qemu-audio-pa-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-block-curl-4.2.1-11.16.3.aarch64",
"product_id": "qemu-block-curl-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-block-dmg-4.2.1-11.16.3.aarch64",
"product_id": "qemu-block-dmg-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"product_id": "qemu-block-iscsi-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-block-rbd-4.2.1-11.16.3.aarch64",
"product_id": "qemu-block-rbd-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-block-ssh-4.2.1-11.16.3.aarch64",
"product_id": "qemu-block-ssh-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-extra-4.2.1-11.16.3.aarch64",
"product_id": "qemu-extra-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-guest-agent-4.2.1-11.16.3.aarch64",
"product_id": "qemu-guest-agent-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-lang-4.2.1-11.16.3.aarch64",
"product_id": "qemu-lang-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-11.16.1.aarch64",
"product": {
"name": "qemu-linux-user-4.2.1-11.16.1.aarch64",
"product_id": "qemu-linux-user-4.2.1-11.16.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-ppc-4.2.1-11.16.3.aarch64",
"product_id": "qemu-ppc-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-s390-4.2.1-11.16.3.aarch64",
"product_id": "qemu-s390-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-11.16.6.aarch64",
"product": {
"name": "qemu-testsuite-4.2.1-11.16.6.aarch64",
"product_id": "qemu-testsuite-4.2.1-11.16.6.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-tools-4.2.1-11.16.3.aarch64",
"product_id": "qemu-tools-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-ui-curses-4.2.1-11.16.3.aarch64",
"product_id": "qemu-ui-curses-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-ui-gtk-4.2.1-11.16.3.aarch64",
"product_id": "qemu-ui-gtk-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"product_id": "qemu-ui-spice-app-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.aarch64",
"product_id": "qemu-vhost-user-gpu-4.2.1-11.16.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-11.16.3.aarch64",
"product": {
"name": "qemu-x86-4.2.1-11.16.3.aarch64",
"product_id": "qemu-x86-4.2.1-11.16.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-4.2.1-11.16.3.i586",
"product_id": "qemu-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-arm-4.2.1-11.16.3.i586",
"product_id": "qemu-arm-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-audio-alsa-4.2.1-11.16.3.i586",
"product_id": "qemu-audio-alsa-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-audio-pa-4.2.1-11.16.3.i586",
"product_id": "qemu-audio-pa-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-block-curl-4.2.1-11.16.3.i586",
"product_id": "qemu-block-curl-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-block-dmg-4.2.1-11.16.3.i586",
"product_id": "qemu-block-dmg-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.i586",
"product_id": "qemu-block-iscsi-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-block-ssh-4.2.1-11.16.3.i586",
"product_id": "qemu-block-ssh-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-extra-4.2.1-11.16.3.i586",
"product_id": "qemu-extra-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-guest-agent-4.2.1-11.16.3.i586",
"product_id": "qemu-guest-agent-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-kvm-4.2.1-11.16.3.i586",
"product_id": "qemu-kvm-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-lang-4.2.1-11.16.3.i586",
"product_id": "qemu-lang-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-11.16.1.i586",
"product": {
"name": "qemu-linux-user-4.2.1-11.16.1.i586",
"product_id": "qemu-linux-user-4.2.1-11.16.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-ppc-4.2.1-11.16.3.i586",
"product_id": "qemu-ppc-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-s390-4.2.1-11.16.3.i586",
"product_id": "qemu-s390-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-11.16.6.i586",
"product": {
"name": "qemu-testsuite-4.2.1-11.16.6.i586",
"product_id": "qemu-testsuite-4.2.1-11.16.6.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-tools-4.2.1-11.16.3.i586",
"product_id": "qemu-tools-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-ui-curses-4.2.1-11.16.3.i586",
"product_id": "qemu-ui-curses-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-ui-gtk-4.2.1-11.16.3.i586",
"product_id": "qemu-ui-gtk-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.i586",
"product_id": "qemu-ui-spice-app-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.i586",
"product_id": "qemu-vhost-user-gpu-4.2.1-11.16.3.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-11.16.3.i586",
"product": {
"name": "qemu-x86-4.2.1-11.16.3.i586",
"product_id": "qemu-x86-4.2.1-11.16.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-11.16.3.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-11.16.3.noarch",
"product_id": "qemu-ipxe-1.0.0+-11.16.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-microvm-4.2.1-11.16.3.noarch",
"product": {
"name": "qemu-microvm-4.2.1-11.16.3.noarch",
"product_id": "qemu-microvm-4.2.1-11.16.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.12.1+-11.16.3.noarch",
"product": {
"name": "qemu-seabios-1.12.1+-11.16.3.noarch",
"product_id": "qemu-seabios-1.12.1+-11.16.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-11.16.3.noarch",
"product": {
"name": "qemu-sgabios-8-11.16.3.noarch",
"product_id": "qemu-sgabios-8-11.16.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.12.1+-11.16.3.noarch",
"product": {
"name": "qemu-vgabios-1.12.1+-11.16.3.noarch",
"product_id": "qemu-vgabios-1.12.1+-11.16.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-arm-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-arm-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-audio-alsa-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-audio-alsa-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-audio-pa-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-audio-pa-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-block-curl-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-block-curl-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-block-dmg-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-block-dmg-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-block-iscsi-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-block-rbd-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-block-ssh-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-extra-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-extra-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-guest-agent-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-lang-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-lang-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-11.16.1.ppc64le",
"product": {
"name": "qemu-linux-user-4.2.1-11.16.1.ppc64le",
"product_id": "qemu-linux-user-4.2.1-11.16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-ppc-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-ppc-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-s390-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-s390-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-11.16.6.ppc64le",
"product": {
"name": "qemu-testsuite-4.2.1-11.16.6.ppc64le",
"product_id": "qemu-testsuite-4.2.1-11.16.6.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-tools-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-tools-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-ui-curses-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-ui-curses-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-ui-gtk-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-ui-gtk-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-ui-spice-app-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-vhost-user-gpu-4.2.1-11.16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-11.16.3.ppc64le",
"product": {
"name": "qemu-x86-4.2.1-11.16.3.ppc64le",
"product_id": "qemu-x86-4.2.1-11.16.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-4.2.1-11.16.3.s390x",
"product_id": "qemu-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-arm-4.2.1-11.16.3.s390x",
"product_id": "qemu-arm-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-audio-alsa-4.2.1-11.16.3.s390x",
"product_id": "qemu-audio-alsa-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-audio-pa-4.2.1-11.16.3.s390x",
"product_id": "qemu-audio-pa-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-block-curl-4.2.1-11.16.3.s390x",
"product_id": "qemu-block-curl-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-block-dmg-4.2.1-11.16.3.s390x",
"product_id": "qemu-block-dmg-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.s390x",
"product_id": "qemu-block-iscsi-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-block-rbd-4.2.1-11.16.3.s390x",
"product_id": "qemu-block-rbd-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-block-ssh-4.2.1-11.16.3.s390x",
"product_id": "qemu-block-ssh-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-extra-4.2.1-11.16.3.s390x",
"product_id": "qemu-extra-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-guest-agent-4.2.1-11.16.3.s390x",
"product_id": "qemu-guest-agent-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-kvm-4.2.1-11.16.3.s390x",
"product_id": "qemu-kvm-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-lang-4.2.1-11.16.3.s390x",
"product_id": "qemu-lang-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-11.16.1.s390x",
"product": {
"name": "qemu-linux-user-4.2.1-11.16.1.s390x",
"product_id": "qemu-linux-user-4.2.1-11.16.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-ppc-4.2.1-11.16.3.s390x",
"product_id": "qemu-ppc-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-s390-4.2.1-11.16.3.s390x",
"product_id": "qemu-s390-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-11.16.6.s390x",
"product": {
"name": "qemu-testsuite-4.2.1-11.16.6.s390x",
"product_id": "qemu-testsuite-4.2.1-11.16.6.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-tools-4.2.1-11.16.3.s390x",
"product_id": "qemu-tools-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-ui-curses-4.2.1-11.16.3.s390x",
"product_id": "qemu-ui-curses-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-ui-gtk-4.2.1-11.16.3.s390x",
"product_id": "qemu-ui-gtk-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"product_id": "qemu-ui-spice-app-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.s390x",
"product_id": "qemu-vhost-user-gpu-4.2.1-11.16.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-11.16.3.s390x",
"product": {
"name": "qemu-x86-4.2.1-11.16.3.s390x",
"product_id": "qemu-x86-4.2.1-11.16.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-4.2.1-11.16.3.x86_64",
"product_id": "qemu-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-arm-4.2.1-11.16.3.x86_64",
"product_id": "qemu-arm-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"product_id": "qemu-audio-alsa-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-audio-pa-4.2.1-11.16.3.x86_64",
"product_id": "qemu-audio-pa-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-block-curl-4.2.1-11.16.3.x86_64",
"product_id": "qemu-block-curl-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-block-dmg-4.2.1-11.16.3.x86_64",
"product_id": "qemu-block-dmg-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"product_id": "qemu-block-iscsi-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-block-rbd-4.2.1-11.16.3.x86_64",
"product_id": "qemu-block-rbd-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-block-ssh-4.2.1-11.16.3.x86_64",
"product_id": "qemu-block-ssh-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-extra-4.2.1-11.16.3.x86_64",
"product_id": "qemu-extra-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-guest-agent-4.2.1-11.16.3.x86_64",
"product_id": "qemu-guest-agent-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-kvm-4.2.1-11.16.3.x86_64",
"product_id": "qemu-kvm-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-lang-4.2.1-11.16.3.x86_64",
"product_id": "qemu-lang-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-4.2.1-11.16.1.x86_64",
"product": {
"name": "qemu-linux-user-4.2.1-11.16.1.x86_64",
"product_id": "qemu-linux-user-4.2.1-11.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-ppc-4.2.1-11.16.3.x86_64",
"product_id": "qemu-ppc-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-s390-4.2.1-11.16.3.x86_64",
"product_id": "qemu-s390-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-4.2.1-11.16.6.x86_64",
"product": {
"name": "qemu-testsuite-4.2.1-11.16.6.x86_64",
"product_id": "qemu-testsuite-4.2.1-11.16.6.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-tools-4.2.1-11.16.3.x86_64",
"product_id": "qemu-tools-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-ui-curses-4.2.1-11.16.3.x86_64",
"product_id": "qemu-ui-curses-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"product_id": "qemu-ui-gtk-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"product_id": "qemu-ui-spice-app-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-vhost-user-gpu-4.2.1-11.16.3.x86_64",
"product_id": "qemu-vhost-user-gpu-4.2.1-11.16.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-4.2.1-11.16.3.x86_64",
"product": {
"name": "qemu-x86-4.2.1-11.16.3.x86_64",
"product_id": "qemu-x86-4.2.1-11.16.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-tools-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-tools-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-tools-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-tools-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-arm-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-alsa-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-pa-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-audio-pa-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-block-curl-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-block-curl-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-block-curl-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-block-curl-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-block-iscsi-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-block-rbd-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-block-rbd-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-block-rbd-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-block-ssh-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-block-ssh-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-block-ssh-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-guest-agent-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-guest-agent-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-guest-agent-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-11.16.3.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-kvm-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-kvm-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-lang-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-lang-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-lang-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-lang-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-microvm-4.2.1-11.16.3.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch"
},
"product_reference": "qemu-microvm-4.2.1-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-ppc-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-s390-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.1+-11.16.3.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch"
},
"product_reference": "qemu-seabios-1.12.1+-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-11.16.3.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch"
},
"product_reference": "qemu-sgabios-8-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-curses-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-ui-curses-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-gtk-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le"
},
"product_reference": "qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x"
},
"product_reference": "qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-spice-app-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.1+-11.16.3.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch"
},
"product_reference": "qemu-vgabios-1.12.1+-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-x86-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-arm-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-11.16.3.noarch as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.1+-11.16.3.noarch as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch"
},
"product_reference": "qemu-seabios-1.12.1+-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-11.16.3.noarch as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch"
},
"product_reference": "qemu-sgabios-8-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-11.16.3.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64"
},
"product_reference": "qemu-tools-4.2.1-11.16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-tools-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.1+-11.16.3.noarch as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch"
},
"product_reference": "qemu-vgabios-1.12.1+-11.16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-4.2.1-11.16.3.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64"
},
"product_reference": "qemu-x86-4.2.1-11.16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12829"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12829",
"url": "https://www.suse.com/security/cve/CVE-2020-12829"
},
{
"category": "external",
"summary": "SUSE Bug 1172385 for CVE-2020-12829",
"url": "https://bugzilla.suse.com/1172385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-12829"
},
{
"cve": "CVE-2020-15469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15469"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15469",
"url": "https://www.suse.com/security/cve/CVE-2020-15469"
},
{
"category": "external",
"summary": "SUSE Bug 1173612 for CVE-2020-15469",
"url": "https://bugzilla.suse.com/1173612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-15469"
},
{
"cve": "CVE-2020-25084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25084"
}
],
"notes": [
{
"category": "general",
"text": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25084",
"url": "https://www.suse.com/security/cve/CVE-2020-25084"
},
{
"category": "external",
"summary": "SUSE Bug 1176673 for CVE-2020-25084",
"url": "https://bugzilla.suse.com/1176673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-25084"
},
{
"cve": "CVE-2020-25624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25624"
}
],
"notes": [
{
"category": "general",
"text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25624",
"url": "https://www.suse.com/security/cve/CVE-2020-25624"
},
{
"category": "external",
"summary": "SUSE Bug 1176682 for CVE-2020-25624",
"url": "https://bugzilla.suse.com/1176682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-25624"
},
{
"cve": "CVE-2020-25625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25625"
}
],
"notes": [
{
"category": "general",
"text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25625",
"url": "https://www.suse.com/security/cve/CVE-2020-25625"
},
{
"category": "external",
"summary": "SUSE Bug 1176684 for CVE-2020-25625",
"url": "https://bugzilla.suse.com/1176684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "low"
}
],
"title": "CVE-2020-25625"
},
{
"cve": "CVE-2020-25723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25723"
}
],
"notes": [
{
"category": "general",
"text": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25723",
"url": "https://www.suse.com/security/cve/CVE-2020-25723"
},
{
"category": "external",
"summary": "SUSE Bug 1178934 for CVE-2020-25723",
"url": "https://bugzilla.suse.com/1178934"
},
{
"category": "external",
"summary": "SUSE Bug 1178935 for CVE-2020-25723",
"url": "https://bugzilla.suse.com/1178935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "low"
}
],
"title": "CVE-2020-25723"
},
{
"cve": "CVE-2020-27616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27616"
}
],
"notes": [
{
"category": "general",
"text": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27616",
"url": "https://www.suse.com/security/cve/CVE-2020-27616"
},
{
"category": "external",
"summary": "SUSE Bug 1178400 for CVE-2020-27616",
"url": "https://bugzilla.suse.com/1178400"
},
{
"category": "external",
"summary": "SUSE Bug 1188609 for CVE-2020-27616",
"url": "https://bugzilla.suse.com/1188609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "low"
}
],
"title": "CVE-2020-27616"
},
{
"cve": "CVE-2020-27617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27617"
}
],
"notes": [
{
"category": "general",
"text": "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27617",
"url": "https://www.suse.com/security/cve/CVE-2020-27617"
},
{
"category": "external",
"summary": "SUSE Bug 1178174 for CVE-2020-27617",
"url": "https://bugzilla.suse.com/1178174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-27617"
},
{
"cve": "CVE-2020-27821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27821"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27821",
"url": "https://www.suse.com/security/cve/CVE-2020-27821"
},
{
"category": "external",
"summary": "SUSE Bug 1179686 for CVE-2020-27821",
"url": "https://bugzilla.suse.com/1179686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-27821"
},
{
"cve": "CVE-2020-28916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28916"
}
],
"notes": [
{
"category": "general",
"text": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28916",
"url": "https://www.suse.com/security/cve/CVE-2020-28916"
},
{
"category": "external",
"summary": "SUSE Bug 1178683 for CVE-2020-28916",
"url": "https://bugzilla.suse.com/1178683"
},
{
"category": "external",
"summary": "SUSE Bug 1179468 for CVE-2020-28916",
"url": "https://bugzilla.suse.com/1179468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-28916"
},
{
"cve": "CVE-2020-29129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29129"
}
],
"notes": [
{
"category": "general",
"text": "ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29129",
"url": "https://www.suse.com/security/cve/CVE-2020-29129"
},
{
"category": "external",
"summary": "SUSE Bug 1179466 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179466"
},
{
"category": "external",
"summary": "SUSE Bug 1179467 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "external",
"summary": "SUSE Bug 1179477 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179477"
},
{
"category": "external",
"summary": "SUSE Bug 1179484 for CVE-2020-29129",
"url": "https://bugzilla.suse.com/1179484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-29129"
},
{
"cve": "CVE-2020-29130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29130"
}
],
"notes": [
{
"category": "general",
"text": "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29130",
"url": "https://www.suse.com/security/cve/CVE-2020-29130"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1179467 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "external",
"summary": "SUSE Bug 1179477 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1179477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-29130"
},
{
"cve": "CVE-2020-29443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29443"
}
],
"notes": [
{
"category": "general",
"text": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29443",
"url": "https://www.suse.com/security/cve/CVE-2020-29443"
},
{
"category": "external",
"summary": "SUSE Bug 1181108 for CVE-2020-29443",
"url": "https://bugzilla.suse.com/1181108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-29443"
},
{
"cve": "CVE-2021-20257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20257"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20257",
"url": "https://www.suse.com/security/cve/CVE-2021-20257"
},
{
"category": "external",
"summary": "SUSE Bug 1182577 for CVE-2021-20257",
"url": "https://bugzilla.suse.com/1182577"
},
{
"category": "external",
"summary": "SUSE Bug 1182846 for CVE-2021-20257",
"url": "https://bugzilla.suse.com/1182846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "low"
}
],
"title": "CVE-2021-20257"
},
{
"cve": "CVE-2021-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3416"
}
],
"notes": [
{
"category": "general",
"text": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3416",
"url": "https://www.suse.com/security/cve/CVE-2021-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1182968 for CVE-2021-3416",
"url": "https://bugzilla.suse.com/1182968"
},
{
"category": "external",
"summary": "SUSE Bug 1186473 for CVE-2021-3416",
"url": "https://bugzilla.suse.com/1186473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Micro 5.0:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Micro 5.0:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Micro 5.0:qemu-x86-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:qemu-tools-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-arm-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-alsa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-audio-pa-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-curl-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-iscsi-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-rbd-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-block-ssh-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-guest-agent-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ipxe-1.0.0+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-kvm-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-lang-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-microvm-4.2.1-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ppc-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-s390-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-seabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-sgabios-8-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-curses-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-gtk-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-ui-spice-app-4.2.1-11.16.3.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-vgabios-1.12.1+-11.16.3.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP2:qemu-x86-4.2.1-11.16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-16T12:45:20Z",
"details": "low"
}
],
"title": "CVE-2021-3416"
}
]
}
gsd-2020-27616
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-27616",
"description": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.",
"id": "GSD-2020-27616",
"references": [
"https://www.suse.com/security/cve/CVE-2020-27616.html",
"https://ubuntu.com/security/CVE-2020-27616",
"https://linux.oracle.com/cve/CVE-2020-27616.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-27616"
],
"details": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.",
"id": "GSD-2020-27616",
"modified": "2023-12-13T01:22:10.949994Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/11/03/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201202-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27616"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/11/03/2",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201202-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-01T18:18Z",
"publishedDate": "2020-11-06T08:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…