Bug 1198037 (CVE-2021-4207) - VUL-0: CVE-2021-4207: qemu,kvm: double fetch in qxl_cursor() can lead to heap buffer overflow
Summary: VUL-0: CVE-2021-4207: qemu,kvm: double fetch in qxl_cursor() can lead to heap...
Status: RESOLVED FIXED
Alias: CVE-2021-4207
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium  Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/327830/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-4207:7.5:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-04-04 14:53 UTC by Robert Frohl
Modified: 2024-06-07 07:40 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Robert Frohl 2022-04-04 14:53:45 UTC
rh#2036966

In the QEMU QXL video accelerator a double fetch leads to heap overflow in qxl_unpack_chunks function.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2036966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4207
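As an added illustration of the bug class named in the description (this is not QEMU's code and not the actual CVE-2021-4207 fix): a constructed C model of a device emulator that reads a guest-controlled chunk length from shared memory twice, beside the single-fetch pattern that snapshots the header into host memory before validating it. All names (chunk_hdr, unpack_double_fetch, unpack_single_fetch, HOST_BUF, guest_rewrites_size) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a guest-writable chunk header (hypothetical, not QXLDataChunk). */
struct chunk_hdr {
    uint32_t data_size;   /* guest-controlled length of data[] */
    uint8_t  data[128];   /* shared payload area */
};

#define HOST_BUF 64       /* size of the host-side buffer the payload is copied into */

/* Stands in for a concurrent guest vCPU rewriting the header between two host reads. */
static void guest_rewrites_size(volatile struct chunk_hdr *h, uint32_t new_size)
{
    h->data_size = new_size;
}

/* Double-fetch pattern: the check uses one read of data_size, the copy uses another.
 * Returns the number of bytes the copy would write; above HOST_BUF means heap overflow. */
static size_t unpack_double_fetch(volatile struct chunk_hdr *h, uint32_t raced_size)
{
    if (h->data_size > HOST_BUF)        /* fetch #1: passes the bounds check */
        return 0;
    guest_rewrites_size(h, raced_size); /* guest races in here */
    return h->data_size;                /* fetch #2: the value actually used for the copy */
}

/* Hardened pattern: copy the length once into host memory, validate the copy,
 * and never consult the shared header again. Returns bytes copied into out[]. */
static size_t unpack_single_fetch(volatile struct chunk_hdr *h, uint32_t raced_size,
                                  uint8_t out[HOST_BUF])
{
    uint32_t size = h->data_size;       /* the only fetch of the length */
    if (size > HOST_BUF)
        return 0;
    guest_rewrites_size(h, raced_size); /* later guest writes cannot change the copy length */
    memcpy(out, (const void *)h->data, size);
    return size;
}

/* Prepares constructed shared memory with an initial length and a recognisable fill byte. */
static void setup_shared(struct chunk_hdr *h, uint32_t initial_size)
{
    memset(h, 0, sizeof *h);
    h->data_size = initial_size;
    memset(h->data, 0xAB, sizeof h->data);
}
```

The vulnerable variant reports the length it would pass to memcpy instead of performing it, so the run shows the mismatch without undefined behaviour.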
Comment 2 Robert Frohl 2022-05-02 10:55:50 UTC
tracking all as affected:

- SUSE:SLE-12-SP2:Update/qemu
- SUSE:SLE-12-SP3:Update/qemu
- SUSE:SLE-12-SP4:Update/qemu
- SUSE:SLE-12-SP5:Update/qemu
- SUSE:SLE-15:Update/qemu
- SUSE:SLE-15-SP1:Update/qemu
- SUSE:SLE-15-SP2:Update/qemu
- SUSE:SLE-15-SP3:Update/qemu
- SUSE:SLE-15-SP4:Update/qemu

in addition
- SUSE:SLE-11-SP3:Update/kvm
Comment 6 Swamp Workflow Management 2022-07-04 13:19:48 UTC
SUSE-SU-2022:2254-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198712,1199018,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26354
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-150300.115.2, qemu-linux-user-5.2.0-150300.115.2, qemu-testsuite-5.2.0-150300.115.4
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-150300.115.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-150300.115.2
SUSE Linux Enterprise Micro 5.2 (src):    qemu-5.2.0-150300.115.2
SUSE Linux Enterprise Micro 5.1 (src):    qemu-5.2.0-150300.115.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-07-04 19:17:08 UTC
SUSE-SU-2022:2260-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1197084,1198035,1198037,1198711,1198712,1199015,1199018,1199625,1199924
CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26353,CVE-2022-26354
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    qemu-6.2.0-150400.37.5.3, qemu-linux-user-6.2.0-150400.37.5.1, qemu-testsuite-6.2.0-150400.37.5.5
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    qemu-6.2.0-150400.37.5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    qemu-6.2.0-150400.37.5.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 OBSbugzilla Bot 2022-07-22 14:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1198037) was mentioned in
https://build.opensuse.org/request/show/990694 Factory / qemu
Comment 15 Swamp Workflow Management 2022-10-17 10:21:08 UTC
SUSE-SU-2022:3594-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1175144,1182282,1192115,1198035,1198037,1198038
CVE References: CVE-2021-3409,CVE-2021-4206,CVE-2021-4207,CVE-2022-0216,CVE-2022-35414
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    qemu-4.2.1-150200.69.1
openSUSE Leap 15.3 (src):    qemu-4.2.1-150200.69.1
SUSE Manager Server 4.1 (src):    qemu-4.2.1-150200.69.1
SUSE Manager Retail Branch Server 4.1 (src):    qemu-4.2.1-150200.69.1
SUSE Manager Proxy 4.1 (src):    qemu-4.2.1-150200.69.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    qemu-4.2.1-150200.69.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    qemu-4.2.1-150200.69.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    qemu-4.2.1-150200.69.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    qemu-4.2.1-150200.69.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    qemu-4.2.1-150200.69.1
SUSE Enterprise Storage 7 (src):    qemu-4.2.1-150200.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-10-26 14:10:16 UTC
SUSE-SU-2022:3768-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1175144,1182282,1185000,1192463,1198035,1198037,1198038,1201367
CVE References: CVE-2020-17380,CVE-2021-3409,CVE-2021-3507,CVE-2021-4206,CVE-2021-4207,CVE-2022-0216,CVE-2022-35414
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-150100.80.43.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-150100.80.43.2
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-150100.80.43.2
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-150100.80.43.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Maintenance Automation 2023-06-02 12:30:05 UTC
SUSE-SU-2023:2358-1: An update that solves four vulnerabilities and has three fixes can now be installed.

Category: security (important)
Bug References: 1187529, 1192463, 1193621, 1193880, 1198035, 1198037, 1198038
CVE References: CVE-2021-3929, CVE-2021-4206, CVE-2021-4207, CVE-2022-0216
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): qemu-2.6.2-41.76.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Maintenance Automation 2023-07-28 20:30:23 UTC
SUSE-SU-2023:3015-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1198037, 1207205, 1212968
CVE References: CVE-2021-4207, CVE-2023-0330, CVE-2023-2861
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): qemu-3.1.1.1-69.1
SUSE Linux Enterprise Server 12 SP5 (src): qemu-3.1.1.1-69.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): qemu-3.1.1.1-69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Dario Faggioli 2023-08-04 10:49:39 UTC
And, with 12-SP4 done (in https://build.suse.de/request/show/304637), this should finally be fine, I think.

Handing it back (hoping for the MR to be accepted :-) )