ELSA-2024-12674
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-12674
ELSA-2024-12674 - qemu-kvm security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2024-09-19 |
Description
[7.2.0-15.el9]
- migration: abort on destination if switchover limit exceeded (Elena Ufimtseva)
- migration: introduce strict switchover SLA (Elena Ufimtseva)
- migration: add error to MigrationIncomingState (Elena Ufimtseva)
- migration: Set migration status early in incoming side (Fabiano Rosas)
- tests/qtest: migration: Use migrate_incoming_qmp where appropriate (Fabiano Rosas)
- tests/qtest: migration: Add migrate_incoming_qmp helper (Fabiano Rosas)
- tests/qtest: migration: Expose migrate_set_capability (Fabiano Rosas)
- vfio/migration: Multifd device state transfer support - send side (Maciej S. Szmigiero)
- vfio/migration: Add x-orcl-migration-multifd-transfer VFIO property (Maciej S. Szmigiero)
- vfio/migration: Multifd device state transfer support - receive side (Maciej S. Szmigiero)
- migration/multifd: Add migration_has_device_state_support() (Maciej S. Szmigiero)
- migration/multifd: Device state transfer support - send side (Maciej S. Szmigiero)
- migration/multifd: Convert multifd_send_pages::next_channel to atomic (Maciej S. Szmigiero)
- migration/multifd: Device state transfer support - receive side (Maciej S. Szmigiero)
- migration: Add load_finish handler and associated functions (Maciej S. Szmigiero)
- migration: Add qemu_loadvm_load_state_buffer() and its handler (Maciej S. Szmigiero)
- migration: Add save_live_complete_precopy_{begin,end} handlers (Maciej S. Szmigiero)
- migration/multifd: Zero p->flags before starting filling a packet (Maciej S. Szmigiero)
- migration/ram: Add load start trace event (Maciej S. Szmigiero)
- vfio/migration: Add save_{iterate,complete_precopy}_started trace events (Maciej S. Szmigiero)
- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446}
- pcie_sriov: Validate NumVFs (Akihiko Odaki) [Orabug: 36314082] {CVE-2024-26327}
- hw/nvme: Use pcie_sriov_num_vfs() (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328}
- pcie: Introduce pcie_sriov_num_vfs (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328}
- qcow2: Don't open data_file with BDRV_O_NO_IO (Kevin Wolf) [Orabug: 36801853] {CVE-2024-4467}
- target/i386: drop AMD machine check bits from Intel CPUID (Paolo Bonzini) [Orabug: 36785079]
- target/i386: pass X86CPU to x86_cpu_get_supported_feature_word (Paolo Bonzini) [Orabug: 36785079]
- migration: prevent migration when VM has poisoned memory (William Roche) [Orabug: 35533097]
- i386: Add support for overflow recovery (John Allen) [Orabug: 34691766]
- i386: Add support for SUCCOR feature (John Allen) [Orabug: 34691766]
- i386: Fix MCE support for AMD hosts (John Allen) [Orabug: 34691766]
Related CVEs
| CVE-2024-26328 |
| CVE-2024-26327 |
| CVE-2024-3446 |
| CVE-2024-4467 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | qemu-kvm-7.2.0-15.el9.src.rpm | 922a36fa6d586537ed095580ea850302 | - | ol9_aarch64_kvm_utils |
| qemu-guest-agent-7.2.0-15.el9.aarch64.rpm | 87ba60fdbc77d142f9730ef0fbca9d14 | - | ol9_aarch64_kvm_utils | |
| qemu-img-7.2.0-15.el9.aarch64.rpm | 7dbe53e2335fcb1b15b4327022597910 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-7.2.0-15.el9.aarch64.rpm | f0646379e3eed6f0458719b41638d58d | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-curl-7.2.0-15.el9.aarch64.rpm | 16b91b22e3f043a5cc7c43bf9ecb8c59 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-iscsi-7.2.0-15.el9.aarch64.rpm | c9c901450721c9d3c0803e84e8aedbb1 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-rbd-7.2.0-15.el9.aarch64.rpm | 6335ffa669b8cfc033da947d666a059c | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-ssh-7.2.0-15.el9.aarch64.rpm | 8c3420511417726b05197eebf3075b9b | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-common-7.2.0-15.el9.aarch64.rpm | 159d083edd19cc8dd1036ffc772178b0 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-core-7.2.0-15.el9.aarch64.rpm | 16763ddffe19c7fa17e6dc0268726e17 | - | ol9_aarch64_kvm_utils | |
| qemu-virtiofsd-7.2.0-15.el9.aarch64.rpm | 79342e645f32bf7b266bd4e2d881ee5e | - | ol9_aarch64_kvm_utils | |
| Oracle Linux 9 (x86_64) | qemu-kvm-7.2.0-15.el9.src.rpm | 922a36fa6d586537ed095580ea850302 | - | ol9_x86_64_kvm_utils |
| qemu-guest-agent-7.2.0-15.el9.x86_64.rpm | 1071944dbf1c161b65e595f53e79d944 | - | ol9_x86_64_kvm_utils | |
| qemu-img-7.2.0-15.el9.x86_64.rpm | 8fb33b7cc107eec10984fb67277a3474 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-7.2.0-15.el9.x86_64.rpm | e0bd2875472ca01017174730782abdd7 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-curl-7.2.0-15.el9.x86_64.rpm | 017026fbebee953a8aaf12df030fb4af | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-iscsi-7.2.0-15.el9.x86_64.rpm | fb58242ea84aabdf225eb74ced86d055 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-rbd-7.2.0-15.el9.x86_64.rpm | c158011c8d241a322135672df0059b90 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-ssh-7.2.0-15.el9.x86_64.rpm | 3af51535f843cad8c3202cf5a711118a | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-common-7.2.0-15.el9.x86_64.rpm | ec207776127724a5bcf690fe22a79206 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-core-7.2.0-15.el9.x86_64.rpm | 31d75b6811c43eff0ed2808939117426 | - | ol9_x86_64_kvm_utils | |
| qemu-virtiofsd-7.2.0-15.el9.x86_64.rpm | 32ce199c9edec46007181c5be355a7d6 | - | ol9_x86_64_kvm_utils | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
