ELSA-2024-12407

ELSA-2024-12407 - qemu-kvm security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-06-03

Description


[7.2.0-11.el9]
- vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758]
- vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758]
- migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758]
- ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683}
- ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683}
- virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693}
- esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474}
- vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu)
- vhost: dirty log should be per backend type (Si-Wei Liu)
- net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019}
- net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019}
- lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750}
- memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young)
- migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218]
- kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244]
- migration: Avoid usage of static variable inside tracepoint (Joao Martins)
- migration: Add tracepoints for downtime checkpoints (Peter Xu)
- migration: migration_stop_vm() helper (Peter Xu)
- migration: Add per vmstate downtime tracepoints (Peter Xu)
- migration: Add migration_downtime_start|end() helpers (Peter Xu)
- migration: Set downtime_start even for postcopy (Peter Xu)
- hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero)
- hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero)
- qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero)
- qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero)
- Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero)
- Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero)
- Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero)
- memory-device: Drop size alignment check (David Hildenbrand)
- memory-device: Support empty memory devices (David Hildenbrand)
- memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand)
- memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand)
- memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand)
- vhost: Add vhost_get_max_memslots() (David Hildenbrand)
- kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand)
- memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand)
- memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand)
- stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand)
- memory-device: Support memory devices with multiple memslots (David Hildenbrand)
- vhost: Return number of free memslots (David Hildenbrand)
- kvm: Return number of free memslots (David Hildenbrand)
- vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand)
- vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand)
- virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand)
- migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand)
- virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand)
- softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand)
- memory-device: Track used region size in DeviceMemoryState (David Hildenbrand)
- memory-device: Refactor memory_device_pre_plug() (David Hildenbrand)
- hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand)
- hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand)
- hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand)
- hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand)
- hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand)
- hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand)
- memory-device: Introduce machine_memory_devices_init() (David Hildenbrand)
- memory-device: Unify enabled vs. supported error messages (David Hildenbrand)
- hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467}
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088}
- hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088}

[7.2.0-7.el9]
- vfio/common: Probe type1 iommu dirty tracking support (Joao Martins) [Orabug: 36024839]
- vfio/common: Allow disabling device dirty page tracking (Joao Martins) [Orabug: 36024839]


Related CVEs


CVE-2023-6693
CVE-2023-5088
CVE-2024-24474
CVE-2023-3019
CVE-2023-42467
CVE-2021-3750
CVE-2023-6683

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) qemu-kvm-7.2.0-11.el9.src.rpm3c557122afd2b4e2e641534f30587eed-ol9_aarch64_kvm_utils
qemu-guest-agent-7.2.0-11.el9.aarch64.rpma2e5912c3fb809e206c67fbd7e336ade-ol9_aarch64_kvm_utils
qemu-img-7.2.0-11.el9.aarch64.rpmcd989fdd63e58285ca0aa5b4a840b89f-ol9_aarch64_kvm_utils
qemu-kvm-7.2.0-11.el9.aarch64.rpm72ac08700e67e44f2e4e6d0307221f34-ol9_aarch64_kvm_utils
qemu-kvm-block-curl-7.2.0-11.el9.aarch64.rpm754e07ef5bf8a2b4df6532b3e77bc687-ol9_aarch64_kvm_utils
qemu-kvm-block-iscsi-7.2.0-11.el9.aarch64.rpm8b545e5fbccd31b5aa342e4a2892dd30-ol9_aarch64_kvm_utils
qemu-kvm-block-rbd-7.2.0-11.el9.aarch64.rpm1e19919b5a5bfc9bd9d9308e4ee1f338-ol9_aarch64_kvm_utils
qemu-kvm-block-ssh-7.2.0-11.el9.aarch64.rpmfe19d802af129dffff7725aa7151c893-ol9_aarch64_kvm_utils
qemu-kvm-common-7.2.0-11.el9.aarch64.rpm3bd32b7cab1f35116f66dcf774fe132d-ol9_aarch64_kvm_utils
qemu-kvm-core-7.2.0-11.el9.aarch64.rpmf5b7b7428e8e13f35712342ce0a54a03-ol9_aarch64_kvm_utils
qemu-virtiofsd-7.2.0-11.el9.aarch64.rpm921a22e5931d200fc58b1cc75916da4d-ol9_aarch64_kvm_utils
Oracle Linux 9 (x86_64) qemu-kvm-7.2.0-11.el9.src.rpm3c557122afd2b4e2e641534f30587eed-ol9_x86_64_kvm_utils
qemu-guest-agent-7.2.0-11.el9.x86_64.rpm4a100304cc2730de4968f5467caf5d25-ol9_x86_64_kvm_utils
qemu-img-7.2.0-11.el9.x86_64.rpm4c2b3e2c9ea9dc16603afd9fcff3106c-ol9_x86_64_kvm_utils
qemu-kvm-7.2.0-11.el9.x86_64.rpm9b701c780c35d69b3df59d5f761c0999-ol9_x86_64_kvm_utils
qemu-kvm-block-curl-7.2.0-11.el9.x86_64.rpm0d3c17c473ca361d0b1b223f02148dae-ol9_x86_64_kvm_utils
qemu-kvm-block-iscsi-7.2.0-11.el9.x86_64.rpmb5933c1a0d49552abdedf5a07bb96abd-ol9_x86_64_kvm_utils
qemu-kvm-block-rbd-7.2.0-11.el9.x86_64.rpmee9063d8f6187aad3d1d1ff140a5ec44-ol9_x86_64_kvm_utils
qemu-kvm-block-ssh-7.2.0-11.el9.x86_64.rpmf6d340cd02794b7d8907ffcbda3bae00-ol9_x86_64_kvm_utils
qemu-kvm-common-7.2.0-11.el9.x86_64.rpm505b5dd20e2edfe3ebdc4fe007ebcdf9-ol9_x86_64_kvm_utils
qemu-kvm-core-7.2.0-11.el9.x86_64.rpmf6ec91cf047e9e0c20413dd0c14be660-ol9_x86_64_kvm_utils
qemu-virtiofsd-7.2.0-11.el9.x86_64.rpm6f0a4f0f75d135075a1993bbe5a28483-ol9_x86_64_kvm_utils



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete