{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for qemu","title":"Title of the patch"},{"category":"description","text":"This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981)\n- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010)\n- CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990)\n- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681)\n- CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380)\n- For the record, these issues are fixed in this package already.\n  Most are alternate references to previously mentioned issues:\n  (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,\n  CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,\n  CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,\n  CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,\n  CVE-2021-3419, bsc#1182975)\n\nNon-security issues fixed:\n\n- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)\n- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)\n- Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785):\n- Fix testsuite error (bsc#1184574)\n- Fix qemu crash with iothread when block commit after snapshot (bsc#1187013)\n- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)\n- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","title":"Description of the patch"},{"category":"details","text":"openSUSE-2021-1043","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1043-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2021:1043-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVDDMT7IUGYOEFTYO3UWD73PJMJL4FSY/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2021:1043-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVDDMT7IUGYOEFTYO3UWD73PJMJL4FSY/"},{"category":"self","summary":"SUSE Bug 1149813","url":"https://bugzilla.suse.com/1149813"},{"category":"self","summary":"SUSE Bug 1163019","url":"https://bugzilla.suse.com/1163019"},{"category":"self","summary":"SUSE Bug 1172380","url":"https://bugzilla.suse.com/1172380"},{"category":"self","summary":"SUSE Bug 1175534","url":"https://bugzilla.suse.com/1175534"},{"category":"self","summary":"SUSE Bug 1176681","url":"https://bugzilla.suse.com/1176681"},{"category":"self","summary":"SUSE Bug 1178683","url":"https://bugzilla.suse.com/1178683"},{"category":"self","summary":"SUSE Bug 1178935","url":"https://bugzilla.suse.com/1178935"},{"category":"self","summary":"SUSE Bug 1179477","url":"https://bugzilla.suse.com/1179477"},{"category":"self","summary":"SUSE Bug 1179484","url":"https://bugzilla.suse.com/1179484"},{"category":"self","summary":"SUSE Bug 1182846","url":"https://bugzilla.suse.com/1182846"},{"category":"self","summary":"SUSE Bug 1182975","url":"https://bugzilla.suse.com/1182975"},{"category":"self","summary":"SUSE Bug 1183979","url":"https://bugzilla.suse.com/1183979"},{"category":"self","summary":"SUSE Bug 1184574","url":"https://bugzilla.suse.com/1184574"},{"category":"self","summary":"SUSE Bug 1185591","url":"https://bugzilla.suse.com/1185591"},{"category":"self","summary":"SUSE Bug 1185981","url":"https://bugzilla.suse.com/1185981"},{"category":"self","summary":"SUSE Bug 1185990","url":"https://bugzilla.suse.com/1185990"},{"category":"self","summary":"SUSE Bug 1186010","url":"https://bugzilla.suse.com/1186010"},{"category":"self","summary":"SUSE Bug 1186290","url":"https://bugzilla.suse.com/1186290"},{"category":"self","summary":"SUSE Bug 1187013","url":"https://bugzilla.suse.com/1187013"},{"category":"self","summary":"SUSE CVE CVE-2019-15890 page","url":"https://www.suse.com/security/cve/CVE-2019-15890/"},{"category":"self","summary":"SUSE CVE CVE-2020-10756 page","url":"https://www.suse.com/security/cve/CVE-2020-10756/"},{"category":"self","summary":"SUSE CVE CVE-2020-14364 page","url":"https://www.suse.com/security/cve/CVE-2020-14364/"},{"category":"self","summary":"SUSE CVE CVE-2020-25085 page","url":"https://www.suse.com/security/cve/CVE-2020-25085/"},{"category":"self","summary":"SUSE CVE CVE-2020-25707 page","url":"https://www.suse.com/security/cve/CVE-2020-25707/"},{"category":"self","summary":"SUSE CVE CVE-2020-25723 page","url":"https://www.suse.com/security/cve/CVE-2020-25723/"},{"category":"self","summary":"SUSE CVE CVE-2020-29129 page","url":"https://www.suse.com/security/cve/CVE-2020-29129/"},{"category":"self","summary":"SUSE CVE CVE-2020-29130 page","url":"https://www.suse.com/security/cve/CVE-2020-29130/"},{"category":"self","summary":"SUSE CVE CVE-2020-8608 page","url":"https://www.suse.com/security/cve/CVE-2020-8608/"},{"category":"self","summary":"SUSE CVE CVE-2021-20257 page","url":"https://www.suse.com/security/cve/CVE-2021-20257/"},{"category":"self","summary":"SUSE CVE CVE-2021-3419 page","url":"https://www.suse.com/security/cve/CVE-2021-3419/"},{"category":"self","summary":"SUSE CVE CVE-2021-3544 page","url":"https://www.suse.com/security/cve/CVE-2021-3544/"},{"category":"self","summary":"SUSE CVE CVE-2021-3545 page","url":"https://www.suse.com/security/cve/CVE-2021-3545/"},{"category":"self","summary":"SUSE CVE CVE-2021-3546 page","url":"https://www.suse.com/security/cve/CVE-2021-3546/"}],"title":"Security update for qemu","tracking":{"current_release_date":"2021-07-13T22:06:05Z","generator":{"date":"2021-07-13T22:06:05Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2021:1043-1","initial_release_date":"2021-07-13T22:06:05Z","revision_history":[{"date":"2021-07-13T22:06:05Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","product":{"name":"qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","product_id":"qemu-ipxe-1.0.0+-lp152.9.16.2.noarch"}},{"category":"product_version","name":"qemu-microvm-4.2.1-lp152.9.16.2.noarch","product":{"name":"qemu-microvm-4.2.1-lp152.9.16.2.noarch","product_id":"qemu-microvm-4.2.1-lp152.9.16.2.noarch"}},{"category":"product_version","name":"qemu-seabios-1.12.1+-lp152.9.16.2.noarch","product":{"name":"qemu-seabios-1.12.1+-lp152.9.16.2.noarch","product_id":"qemu-seabios-1.12.1+-lp152.9.16.2.noarch"}},{"category":"product_version","name":"qemu-sgabios-8-lp152.9.16.2.noarch","product":{"name":"qemu-sgabios-8-lp152.9.16.2.noarch","product_id":"qemu-sgabios-8-lp152.9.16.2.noarch"}},{"category":"product_version","name":"qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","product":{"name":"qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","product_id":"qemu-vgabios-1.12.1+-lp152.9.16.2.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"qemu-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-arm-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-arm-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-arm-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-curl-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-extra-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-extra-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-extra-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-ksm-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-ksm-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-ksm-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-kvm-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-kvm-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-kvm-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-lang-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-lang-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-lang-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","product":{"name":"qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","product_id":"qemu-linux-user-4.2.1-lp152.9.16.1.x86_64"}},{"category":"product_version","name":"qemu-ppc-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-ppc-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-ppc-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-s390-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-s390-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-s390-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","product":{"name":"qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","product_id":"qemu-testsuite-4.2.1-lp152.9.16.7.x86_64"}},{"category":"product_version","name":"qemu-tools-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-tools-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-tools-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64"}},{"category":"product_version","name":"qemu-x86-4.2.1-lp152.9.16.2.x86_64","product":{"name":"qemu-x86-4.2.1-lp152.9.16.2.x86_64","product_id":"qemu-x86-4.2.1-lp152.9.16.2.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"qemu-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-arm-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-arm-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-curl-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-extra-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-extra-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ipxe-1.0.0+-lp152.9.16.2.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch"},"product_reference":"qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ksm-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-ksm-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-kvm-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-kvm-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-lang-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-lang-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-linux-user-4.2.1-lp152.9.16.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64"},"product_reference":"qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-microvm-4.2.1-lp152.9.16.2.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch"},"product_reference":"qemu-microvm-4.2.1-lp152.9.16.2.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ppc-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-ppc-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-s390-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-s390-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-seabios-1.12.1+-lp152.9.16.2.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch"},"product_reference":"qemu-seabios-1.12.1+-lp152.9.16.2.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-sgabios-8-lp152.9.16.2.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch"},"product_reference":"qemu-sgabios-8-lp152.9.16.2.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-testsuite-4.2.1-lp152.9.16.7.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64"},"product_reference":"qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-tools-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-tools-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-vgabios-1.12.1+-lp152.9.16.2.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch"},"product_reference":"qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"qemu-x86-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"},"product_reference":"qemu-x86-4.2.1-lp152.9.16.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2019-15890","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-15890"}],"notes":[{"category":"general","text":"libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-15890","url":"https://www.suse.com/security/cve/CVE-2019-15890"},{"category":"external","summary":"SUSE Bug 1149811 for CVE-2019-15890","url":"https://bugzilla.suse.com/1149811"},{"category":"external","summary":"SUSE Bug 1149813 for CVE-2019-15890","url":"https://bugzilla.suse.com/1149813"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2019-15890","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2019-15890"},{"cve":"CVE-2020-10756","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-10756"}],"notes":[{"category":"general","text":"An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-10756","url":"https://www.suse.com/security/cve/CVE-2020-10756"},{"category":"external","summary":"SUSE Bug 1172380 for CVE-2020-10756","url":"https://bugzilla.suse.com/1172380"},{"category":"external","summary":"SUSE Bug 1184743 for CVE-2020-10756","url":"https://bugzilla.suse.com/1184743"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2020-10756"},{"cve":"CVE-2020-14364","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-14364"}],"notes":[{"category":"general","text":"An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-14364","url":"https://www.suse.com/security/cve/CVE-2020-14364"},{"category":"external","summary":"SUSE Bug 1175441 for CVE-2020-14364","url":"https://bugzilla.suse.com/1175441"},{"category":"external","summary":"SUSE Bug 1175534 for CVE-2020-14364","url":"https://bugzilla.suse.com/1175534"},{"category":"external","summary":"SUSE Bug 1176494 for CVE-2020-14364","url":"https://bugzilla.suse.com/1176494"},{"category":"external","summary":"SUSE Bug 1177130 for CVE-2020-14364","url":"https://bugzilla.suse.com/1177130"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2020-14364"},{"cve":"CVE-2020-25085","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25085"}],"notes":[{"category":"general","text":"QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25085","url":"https://www.suse.com/security/cve/CVE-2020-25085"},{"category":"external","summary":"SUSE Bug 1176681 for CVE-2020-25085","url":"https://bugzilla.suse.com/1176681"},{"category":"external","summary":"SUSE Bug 1182282 for CVE-2020-25085","url":"https://bugzilla.suse.com/1182282"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2020-25085"},{"cve":"CVE-2020-25707","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25707"}],"notes":[{"category":"general","text":"DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-2891","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25707","url":"https://www.suse.com/security/cve/CVE-2020-25707"},{"category":"external","summary":"SUSE Bug 1178683 for CVE-2020-25707","url":"https://bugzilla.suse.com/1178683"},{"category":"external","summary":"SUSE Bug 1179468 for CVE-2020-25707","url":"https://bugzilla.suse.com/1179468"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2020-25707"},{"cve":"CVE-2020-25723","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25723"}],"notes":[{"category":"general","text":"A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25723","url":"https://www.suse.com/security/cve/CVE-2020-25723"},{"category":"external","summary":"SUSE Bug 1178934 for CVE-2020-25723","url":"https://bugzilla.suse.com/1178934"},{"category":"external","summary":"SUSE Bug 1178935 for CVE-2020-25723","url":"https://bugzilla.suse.com/1178935"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.2,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"low"}],"title":"CVE-2020-25723"},{"cve":"CVE-2020-29129","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-29129"}],"notes":[{"category":"general","text":"ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-29129","url":"https://www.suse.com/security/cve/CVE-2020-29129"},{"category":"external","summary":"SUSE Bug 1179466 for CVE-2020-29129","url":"https://bugzilla.suse.com/1179466"},{"category":"external","summary":"SUSE Bug 1179467 for CVE-2020-29129","url":"https://bugzilla.suse.com/1179467"},{"category":"external","summary":"SUSE Bug 1179477 for CVE-2020-29129","url":"https://bugzilla.suse.com/1179477"},{"category":"external","summary":"SUSE Bug 1179484 for CVE-2020-29129","url":"https://bugzilla.suse.com/1179484"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":2.7,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2020-29129"},{"cve":"CVE-2020-29130","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-29130"}],"notes":[{"category":"general","text":"slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-29130","url":"https://www.suse.com/security/cve/CVE-2020-29130"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2020-29130","url":"https://bugzilla.suse.com/1178658"},{"category":"external","summary":"SUSE Bug 1179467 for CVE-2020-29130","url":"https://bugzilla.suse.com/1179467"},{"category":"external","summary":"SUSE Bug 1179477 for CVE-2020-29130","url":"https://bugzilla.suse.com/1179477"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2020-29130"},{"cve":"CVE-2020-8608","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-8608"}],"notes":[{"category":"general","text":"In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-8608","url":"https://www.suse.com/security/cve/CVE-2020-8608"},{"category":"external","summary":"SUSE Bug 1163018 for CVE-2020-8608","url":"https://bugzilla.suse.com/1163018"},{"category":"external","summary":"SUSE Bug 1163019 for CVE-2020-8608","url":"https://bugzilla.suse.com/1163019"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"important"}],"title":"CVE-2020-8608"},{"cve":"CVE-2021-20257","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-20257"}],"notes":[{"category":"general","text":"An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-20257","url":"https://www.suse.com/security/cve/CVE-2021-20257"},{"category":"external","summary":"SUSE Bug 1182577 for CVE-2021-20257","url":"https://bugzilla.suse.com/1182577"},{"category":"external","summary":"SUSE Bug 1182846 for CVE-2021-20257","url":"https://bugzilla.suse.com/1182846"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.2,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"low"}],"title":"CVE-2021-20257"},{"cve":"CVE-2021-3419","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3419"}],"notes":[{"category":"general","text":"DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3419","url":"https://www.suse.com/security/cve/CVE-2021-3419"},{"category":"external","summary":"SUSE Bug 1182968 for CVE-2021-3419","url":"https://bugzilla.suse.com/1182968"},{"category":"external","summary":"SUSE Bug 1182975 for CVE-2021-3419","url":"https://bugzilla.suse.com/1182975"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2021-3419"},{"cve":"CVE-2021-3544","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3544"}],"notes":[{"category":"general","text":"Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3544","url":"https://www.suse.com/security/cve/CVE-2021-3544"},{"category":"external","summary":"SUSE Bug 1186010 for CVE-2021-3544","url":"https://bugzilla.suse.com/1186010"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2021-3544"},{"cve":"CVE-2021-3545","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3545"}],"notes":[{"category":"general","text":"An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3545","url":"https://www.suse.com/security/cve/CVE-2021-3545"},{"category":"external","summary":"SUSE Bug 1185990 for CVE-2021-3545","url":"https://bugzilla.suse.com/1185990"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2021-3545"},{"cve":"CVE-2021-3546","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3546"}],"notes":[{"category":"general","text":"An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3546","url":"https://www.suse.com/security/cve/CVE-2021-3546"},{"category":"external","summary":"SUSE Bug 1185981 for CVE-2021-3546","url":"https://bugzilla.suse.com/1185981"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64","openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64","openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch","openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64","openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"]}],"threats":[{"category":"impact","date":"2021-07-13T22:06:05Z","details":"moderate"}],"title":"CVE-2021-3546"}]}