OESA-2021-1227

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1227
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1227.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1227
Upstream
Published
2021-06-22T11:02:58Z
Modified
2025-08-12T05:08:57.419190Z
Summary
qemu security update
Details

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed.

Security Fix(es):

A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3546)

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virglcmdgetcapsetinfo() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.(CVE-2021-3545)

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.(CVE-2021-3544)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / qemu

Package

Name
qemu
Purl
pkg:rpm/openEuler/qemu&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.0-48.oe1

Ecosystem specific 

{
    "aarch64": [
        "qemu-guest-agent-4.1.0-48.oe1.aarch64.rpm",
        "qemu-debuginfo-4.1.0-48.oe1.aarch64.rpm",
        "qemu-img-4.1.0-48.oe1.aarch64.rpm",
        "qemu-block-ssh-4.1.0-48.oe1.aarch64.rpm",
        "qemu-block-rbd-4.1.0-48.oe1.aarch64.rpm",
        "qemu-block-iscsi-4.1.0-48.oe1.aarch64.rpm",
        "qemu-debugsource-4.1.0-48.oe1.aarch64.rpm",
        "qemu-4.1.0-48.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "qemu-seabios-4.1.0-48.oe1.x86_64.rpm",
        "qemu-debuginfo-4.1.0-48.oe1.x86_64.rpm",
        "qemu-block-ssh-4.1.0-48.oe1.x86_64.rpm",
        "qemu-4.1.0-48.oe1.x86_64.rpm",
        "qemu-guest-agent-4.1.0-48.oe1.x86_64.rpm",
        "qemu-img-4.1.0-48.oe1.x86_64.rpm",
        "qemu-debugsource-4.1.0-48.oe1.x86_64.rpm",
        "qemu-block-rbd-4.1.0-48.oe1.x86_64.rpm",
        "qemu-block-iscsi-4.1.0-48.oe1.x86_64.rpm"
    ],
    "src": [
        "qemu-4.1.0-48.oe1.src.rpm"
    ],
    "noarch": [
        "qemu-help-4.1.0-48.oe1.noarch.rpm"
    ]
}