-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm security, bug fix, and enhancement update Advisory ID: RHSA-2023:2162-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2162 Issue date: 2023-05-09 CVE Names: CVE-2022-3165 CVE-2022-4172 ==================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm (7.2.0). (BZ#2111769, BZ#2135806) Security Fix(es): * QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion (CVE-2022-3165) * QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record (CVE-2022-4172) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1860292 - RFE: add extent_size_hint information to qemu-img info 1905805 - support config interrupt in vhost-vdpa qemu 1963845 - QEMU quit if set nvdimm memory backend option readonly=on 1979276 - SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on 1983208 - i386/pc: Fix creation of >= 1Tb guests on AMD systems with IOMMU 1983493 - Qemu should prompt fatal error and quit with an unsupported audiodev 1986665 - [Fwcfg64] dump-guest-memory -w command report error "win-dump: failed to read CPU #2 ContextFrame location" on Windows desktop 2074000 - Make memory preallocation threads NUMA aware 2077376 - [RFE] Add support for 32-bit guest Windows dump with vmcoreinfo (fwcfg) via 'dump-guest-memory -w' 2086980 - Please Update The Error Info More Clearly When Creating Images Over RBD with The Namespace Not Existing 2087155 - Guest will get stuck at "Reached target Basic System" if insert the virtio-iommu device in pcie-root-port 2091166 - Q35: dmidecode doesn't display number of cpus (>255) correctly 2108531 - Windows guest reboot after migration with wsl2 installed inside 2108923 - [RHEL.9.2] Display a deprecation message in '-cpu help' for deprecated CPU models 2111769 - Rebase to QEMU 7.1.0 2113840 - [RHEL9.2] Memory mapping optimization for virt machine 2116496 - Can't run when memory backing with hugepages and backend type memfd 2120480 - guest with tpm crashed when executing memory dump to kdump-zlib_format 2121430 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.2.0] 2122788 - virtio-net TX stall after packet bursts (probably in qemu) 2123297 - Mirror job with "copy-mode":"write-blocking" that used for storage migration can't converge under heavy I/O 2124446 - Can not copy/paste from host to guest after restart spice-vdagentd.service 2124856 - VM with virtio interface and iommu=on will crash when try to migrate 2126095 - [rhel9.2][intel_iommu]Booting guest with "-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on" causes kernel call trace 2127825 - Use capstone for qemu-kvm build 2128222 - VDUSE block export should be disabled in builds for now 2128235 - [s390x][RHEL9] [s390x-ccw bios] lacking document about parameter loadparm in qemu 2129739 - CVE-2022-3165 QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion 2131982 - Add rhel-9.2.0 arm virt machine type 2135806 - Rebase to QEMU 7.2 for RHEL 9.2.0 2136473 - Add rhel-9.2.0 s390x machine type 2136797 - qemu crash when taking screenshot with png format 2137327 - Add rhel-9.2.0 x86_64 machine type 2137330 - RFE: guest agent 'guest-get-diskstats' api support 2137332 - RFE: guest agent 'guest-get-cpustats' api support 2138242 - zero-copy-send patches to RHEL9.2 2141088 - vDPA SVQ guest announce support 2141218 - qemu-kvm build fails with clang 15.0.1 due to false unused variable error 2143584 - Update machine type compatibility for QEMU 7.2.0 update [aarch64] 2143585 - Update machine type compatibility for QEMU 7.2.0 update [s390x] 2144367 - [guest-agent]NVMe SMART support for Linux 2144436 - usb device cannot be found in VM when starting VM with a usb-redir device 2148352 - [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite 2149022 - qemu-kvm: Missing dependencies between devices 2149105 - CVE-2022-4172 QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record 2149191 - [RFE][guest-agent] - USB bus type support 2150180 - qemu-img finishes successfully while having errors in commit or bitmaps operations 2152977 - RFE: support live migrating TPM state to a target that shares storage with the source 2154640 - [aarch64] qemu fails to load "efi-virtio.rom" romfile when creating virtio-net-pci 2155112 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled) 2155173 - [vhost-user] unable to start vhost net: 71: falling back on userspace 2155748 - qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed 2155749 - [regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X 2156515 - [guest-agent] Replace '-blacklist' with '-block-rpcs' in qemu-ga config file 2156876 - [virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22) 2158704 - RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall 2159408 - [s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8 2162569 - [transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2 2168209 - Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled) 2169232 - RFE: reconnect option for stream socket back-end 2169732 - Multifd migration fails under a weak network/socket ordering race 2169904 - [SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022 2173590 - bugs in emulation of BMI instructions (for libguestfs without KVM) 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: qemu-kvm-7.2.0-14.el9_2.src.rpm aarch64: qemu-guest-agent-7.2.0-14.el9_2.aarch64.rpm qemu-guest-agent-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-img-7.2.0-14.el9_2.aarch64.rpm qemu-img-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-audio-pa-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-block-curl-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-block-rbd-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-common-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-common-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-core-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-core-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-debugsource-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-device-usb-host-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-docs-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-tools-7.2.0-14.el9_2.aarch64.rpm qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.aarch64.rpm qemu-pr-helper-7.2.0-14.el9_2.aarch64.rpm qemu-pr-helper-debuginfo-7.2.0-14.el9_2.aarch64.rpm ppc64le: qemu-guest-agent-7.2.0-14.el9_2.ppc64le.rpm qemu-guest-agent-debuginfo-7.2.0-14.el9_2.ppc64le.rpm qemu-img-7.2.0-14.el9_2.ppc64le.rpm qemu-img-debuginfo-7.2.0-14.el9_2.ppc64le.rpm qemu-kvm-debuginfo-7.2.0-14.el9_2.ppc64le.rpm qemu-kvm-debugsource-7.2.0-14.el9_2.ppc64le.rpm s390x: qemu-guest-agent-7.2.0-14.el9_2.s390x.rpm qemu-guest-agent-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-img-7.2.0-14.el9_2.s390x.rpm qemu-img-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-7.2.0-14.el9_2.s390x.rpm qemu-kvm-audio-pa-7.2.0-14.el9_2.s390x.rpm qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-block-curl-7.2.0-14.el9_2.s390x.rpm qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-block-rbd-7.2.0-14.el9_2.s390x.rpm qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-common-7.2.0-14.el9_2.s390x.rpm qemu-kvm-common-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-core-7.2.0-14.el9_2.s390x.rpm qemu-kvm-core-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-debugsource-7.2.0-14.el9_2.s390x.rpm qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.s390x.rpm qemu-kvm-device-display-virtio-gpu-ccw-7.2.0-14.el9_2.s390x.rpm qemu-kvm-device-display-virtio-gpu-ccw-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-device-usb-host-7.2.0-14.el9_2.s390x.rpm qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-docs-7.2.0-14.el9_2.s390x.rpm qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-kvm-tools-7.2.0-14.el9_2.s390x.rpm qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.s390x.rpm qemu-pr-helper-7.2.0-14.el9_2.s390x.rpm qemu-pr-helper-debuginfo-7.2.0-14.el9_2.s390x.rpm x86_64: qemu-guest-agent-7.2.0-14.el9_2.x86_64.rpm qemu-guest-agent-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-img-7.2.0-14.el9_2.x86_64.rpm qemu-img-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-audio-pa-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-audio-pa-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-block-curl-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-block-curl-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-block-rbd-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-block-rbd-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-common-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-common-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-core-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-core-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-debugsource-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-display-virtio-gpu-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-display-virtio-gpu-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-display-virtio-gpu-pci-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-display-virtio-gpu-pci-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-display-virtio-vga-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-display-virtio-vga-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-usb-host-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-usb-host-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-usb-redirect-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-device-usb-redirect-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-docs-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-tests-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-tools-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-tools-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-ui-egl-headless-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-ui-egl-headless-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-ui-opengl-7.2.0-14.el9_2.x86_64.rpm qemu-kvm-ui-opengl-debuginfo-7.2.0-14.el9_2.x86_64.rpm qemu-pr-helper-7.2.0-14.el9_2.x86_64.rpm qemu-pr-helper-debuginfo-7.2.0-14.el9_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3165 https://access.redhat.com/security/cve/CVE-2022-4172 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo0NNzjgjWX9erEAQgUDA/+P3VBg0lYVjU2aMb0pl+ueXSmwaq4VHkN hsJSMS19tXnDjcy/4Yc9NGxec6ZP0X5UjVsTRDAecin9yfdR5x6O3Bvhej/xTouf 9LyOKBF585BDFLoSXG/Lv8zXQDHCVX14t+c6kHaeQKSkF7lZ1ql2BFJne1ebsYv7 hJd4UZ30ZR8dTgOhHLTal2Uo4eYmzujToeQvwBWodDAaYWVdFWgxh3Jw5ue1oU+m qpeBvtnRkgoES1GQdQyQXTzJQwod60n1OXbkuygUT3RTvCUPIFHIRF3fiTsqpEDQ n8iqYf87R4r7vfiuSlGUBSVj/nKhW9HKpDyUnyyNB9odQPXg4TKcB/VAuBphAimv 8ihIxv30mT1qbASMu6CvaUcvaseIldaXWxnuHBrYKPkm+q2oEniqn84J5u8N4iUP Lj3TxiwKYYjquiklLfHuyk08VZloL168W+/mKboMPQw1htmeSQlLr/s87O4GxckS N6TKXN7PxMvLsMu2mszMcCvgQMM0nin2lHLUmwKhh17dcT1Q0xPJE972h74iSZb2 cYehKKGq0k9oBY4qKQb2bL3eiC77P4e6UNez/Ek6l5gvcXz1gThCbJbTz1rgl7jK u1+vxOJ+g234Sjwj+u7i4r+6T0znOVsl3bJxdxIhUDPA/WbvhHRZOqq6G18NHRAu g5HpNV3xpEAŽe1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce