ELSA-2024-12674

ELSA-2024-12674 - qemu-kvm security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2024-09-19

Description


[7.2.0-15.el9]
- migration: abort on destination if switchover limit exceeded (Elena Ufimtseva)
- migration: introduce strict switchover SLA (Elena Ufimtseva)
- migration: add error to MigrationIncomingState (Elena Ufimtseva)
- migration: Set migration status early in incoming side (Fabiano Rosas)
- tests/qtest: migration: Use migrate_incoming_qmp where appropriate (Fabiano Rosas)
- tests/qtest: migration: Add migrate_incoming_qmp helper (Fabiano Rosas)
- tests/qtest: migration: Expose migrate_set_capability (Fabiano Rosas)
- vfio/migration: Multifd device state transfer support - send side (Maciej S. Szmigiero)
- vfio/migration: Add x-orcl-migration-multifd-transfer VFIO property (Maciej S. Szmigiero)
- vfio/migration: Multifd device state transfer support - receive side (Maciej S. Szmigiero)
- migration/multifd: Add migration_has_device_state_support() (Maciej S. Szmigiero)
- migration/multifd: Device state transfer support - send side (Maciej S. Szmigiero)
- migration/multifd: Convert multifd_send_pages::next_channel to atomic (Maciej S. Szmigiero)
- migration/multifd: Device state transfer support - receive side (Maciej S. Szmigiero)
- migration: Add load_finish handler and associated functions (Maciej S. Szmigiero)
- migration: Add qemu_loadvm_load_state_buffer() and its handler (Maciej S. Szmigiero)
- migration: Add save_live_complete_precopy_{begin,end} handlers (Maciej S. Szmigiero)
- migration/multifd: Zero p->flags before starting filling a packet (Maciej S. Szmigiero)
- migration/ram: Add load start trace event (Maciej S. Szmigiero)
- vfio/migration: Add save_{iterate,complete_precopy}_started trace events (Maciej S. Szmigiero)
- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- pcie_sriov: Validate NumVFs (Akihiko Odaki) [Orabug: 36314082] {CVE-2024-26327}
- hw/nvme: Use pcie_sriov_num_vfs() (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328}
- pcie: Introduce pcie_sriov_num_vfs (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328}
- qcow2: Don't open data_file with BDRV_O_NO_IO (Kevin Wolf) [Orabug: 36801853] {CVE-2024-4467}
- target/i386: drop AMD machine check bits from Intel CPUID (Paolo Bonzini) [Orabug: 36785079]
- target/i386: pass X86CPU to x86_cpu_get_supported_feature_word (Paolo Bonzini) [Orabug: 36785079]
- migration: prevent migration when VM has poisoned memory (William Roche) [Orabug: 35533097]
- i386: Add support for overflow recovery (John Allen) [Orabug: 34691766]
- i386: Add support for SUCCOR feature (John Allen) [Orabug: 34691766]
- i386: Fix MCE support for AMD hosts (John Allen) [Orabug: 34691766]


Related CVEs


CVE-2024-26328
CVE-2024-26327
CVE-2024-3446
CVE-2024-4467

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) qemu-kvm-7.2.0-15.el9.src.rpm922a36fa6d586537ed095580ea850302-ol9_aarch64_kvm_utils
qemu-guest-agent-7.2.0-15.el9.aarch64.rpm87ba60fdbc77d142f9730ef0fbca9d14-ol9_aarch64_kvm_utils
qemu-img-7.2.0-15.el9.aarch64.rpm7dbe53e2335fcb1b15b4327022597910-ol9_aarch64_kvm_utils
qemu-kvm-7.2.0-15.el9.aarch64.rpmf0646379e3eed6f0458719b41638d58d-ol9_aarch64_kvm_utils
qemu-kvm-block-curl-7.2.0-15.el9.aarch64.rpm16b91b22e3f043a5cc7c43bf9ecb8c59-ol9_aarch64_kvm_utils
qemu-kvm-block-iscsi-7.2.0-15.el9.aarch64.rpmc9c901450721c9d3c0803e84e8aedbb1-ol9_aarch64_kvm_utils
qemu-kvm-block-rbd-7.2.0-15.el9.aarch64.rpm6335ffa669b8cfc033da947d666a059c-ol9_aarch64_kvm_utils
qemu-kvm-block-ssh-7.2.0-15.el9.aarch64.rpm8c3420511417726b05197eebf3075b9b-ol9_aarch64_kvm_utils
qemu-kvm-common-7.2.0-15.el9.aarch64.rpm159d083edd19cc8dd1036ffc772178b0-ol9_aarch64_kvm_utils
qemu-kvm-core-7.2.0-15.el9.aarch64.rpm16763ddffe19c7fa17e6dc0268726e17-ol9_aarch64_kvm_utils
qemu-virtiofsd-7.2.0-15.el9.aarch64.rpm79342e645f32bf7b266bd4e2d881ee5e-ol9_aarch64_kvm_utils
Oracle Linux 9 (x86_64) qemu-kvm-7.2.0-15.el9.src.rpm922a36fa6d586537ed095580ea850302-ol9_x86_64_kvm_utils
qemu-guest-agent-7.2.0-15.el9.x86_64.rpm1071944dbf1c161b65e595f53e79d944-ol9_x86_64_kvm_utils
qemu-img-7.2.0-15.el9.x86_64.rpm8fb33b7cc107eec10984fb67277a3474-ol9_x86_64_kvm_utils
qemu-kvm-7.2.0-15.el9.x86_64.rpme0bd2875472ca01017174730782abdd7-ol9_x86_64_kvm_utils
qemu-kvm-block-curl-7.2.0-15.el9.x86_64.rpm017026fbebee953a8aaf12df030fb4af-ol9_x86_64_kvm_utils
qemu-kvm-block-iscsi-7.2.0-15.el9.x86_64.rpmfb58242ea84aabdf225eb74ced86d055-ol9_x86_64_kvm_utils
qemu-kvm-block-rbd-7.2.0-15.el9.x86_64.rpmc158011c8d241a322135672df0059b90-ol9_x86_64_kvm_utils
qemu-kvm-block-ssh-7.2.0-15.el9.x86_64.rpm3af51535f843cad8c3202cf5a711118a-ol9_x86_64_kvm_utils
qemu-kvm-common-7.2.0-15.el9.x86_64.rpmec207776127724a5bcf690fe22a79206-ol9_x86_64_kvm_utils
qemu-kvm-core-7.2.0-15.el9.x86_64.rpm31d75b6811c43eff0ed2808939117426-ol9_x86_64_kvm_utils
qemu-virtiofsd-7.2.0-15.el9.x86_64.rpm32ce199c9edec46007181c5be355a7d6-ol9_x86_64_kvm_utils


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete