Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2021-3975) ELSA-2022-1759: virt:ol and virt-devel:ol security, bug fix, and enhancement update

Back to Search

Oracle Linux: (CVE-2021-3975) ELSA-2022-1759: virt:ol and virt-devel:ol security, bug fix, and enhancement update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
01/05/2022
Created
05/20/2022
Added
05/18/2022
Modified
05/18/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-1759:

hivex [1.3.18-23] - Limit recursion in ri-records (CVE-2021-3622) resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-5] - Fix libguestfs failure with qemu 6.2, libvirt 7.10 resolves: rhbz#2035177 [1:1.44.0-4] - Autodetect backing format for qemu-img create -b - Move appliance to separate subpackage - Read rpm database through librpm resolves: rhbz#2013916, rhbz#1989520, rhbz#1836094 [1.44.0-3.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libguestfs-winsupport [8.6-1] - Rebase to ntfs-3g 2021.8.22 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254 resolves: rhbz#2004490 libnbd [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) libvirt [8.0.0-5.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-5] - node_device: Rework udevKludgeStorageType() (rhbz#2056673) - node_device: Treat NVMe disks as regular disks (rhbz#2056673) [8.0.0-4] - qemu_command: Generate memory only after controllers (rhbz#2050697) - qemu: Validate domain definition even on migration (rhbz#2050702) [8.0.0-3] - qemuDomainSetupDisk: Initialize 'targetPaths' (rhbz#2046172) - RHEL: Remove[8.0.0-2]- Revert 'report error when virProcessGetStatInfo() is unable to parse data' (rhbz#2041610)- qemu: fix inactive snapshot revert (rhbz#2043584)[8.0.0-1]- Rebased to libvirt-8.0.0 (rhbz#2012802)libvirt-python[8.0.0-1]- Rebased to libvirt-python-8.0.0 (rhbz#2012806)perl-Sys-Virt[8.0.0-1]- Rebase to 8.0.0 release- Resolves: rhbz#2012813qemu-kvm[6.2.0-11]- kvm-target-i386-properly-reset-TSC-on-reset.patch [bz#1975840]- Resolves: bz#1975840 (Windows guest hangs after updating and restarting from the guest OS)[6.2.0-10]- kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2056986]- kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2056986]- kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2059311]- kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2059311]- kvm-tests-acpi-add-SLIC-table-test.patch [bz#2059311]- kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2059311]- kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2059311]- kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2059311]- kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2059311]- kvm-tests-acpi-update-expected-blobs.patch [bz#2059311]- kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2059311]- kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2059311]- Resolves: bz#2056986 (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04')- Resolves: bz#2059311 (Guest can not start with SLIC acpi table)[6.2.0-9]- kvm-Revert-redhat-Add-hw_compat_4_2_extra-and-apply-to-u.patch [bz#2061856]- kvm-Revert-redhat-Enable-FDC-device-for-upstream-machine.patch [bz#2061856]- kvm-Revert-redhat-Expose-upstream-machines-pc-4.2-and-pc.patch [bz#2061856]- kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2027208]- kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2054597]- kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2054597]- Resolves: bz#2061856 (Revert IBM-specific Ubuntu-compatibility machine type for 8.6-AV GA)- Resolves: bz#2027208 ([virtual network][vDPA] qemu crash after hot unplug vdpa device)- Resolves: bz#2054597 (Do operation to disk will hang in the guest of target host after hotplugging and migrating)[6.2.0-8]- kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch [bz#2035185]- kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch [bz#2035185]- kvm-iotests.py-Add-QemuStorageDaemon-class.patch [bz#2035185]- kvm-iotests-281-Test-lingering-timers.patch [bz#2035185]- kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch [bz#2035185]- kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch [bz#2035185]- Resolves: bz#2035185 (Qemu core dump when start guest with nbd node or do block jobs to nbd node)[6.2.0-7]- kvm-numa-Enable-numa-for-SGX-EPC-sections.patch [bz#1518984]- kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch [bz#1518984]- kvm-doc-Add-the-SGX-numa-description.patch [bz#1518984]- kvm-Enable-SGX-RH-Only.patch [bz#1518984]- kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch [bz#1518984]- kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch [bz#2041480]- kvm-iotests-block-status-cache-New-test.patch [bz#2041480]- Resolves: bz#1518984 ([Intel 8.6 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support)- Resolves: bz#2041480 ([incremental_backup] Inconsistent block status reply in qemu-nbd)[6.2.0-6]- kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2046198]- kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch [bz#2033279]- kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch [bz#2021778 bz#2036178]- kvm-iotests-stream-error-on-reset-New-test.patch [bz#2021778 bz#2036178]- kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch [bz#2037135]- kvm-block-rbd-workaround-for-ceph-issue-53784.patch [bz#2037135]- Resolves: bz#2046198 (CVE-2022-0358 virt:av/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-8.6])- Resolves: bz#2033279 ([wrb][qemu-kvm 6.2] The hot-unplugged device can not be hot-plugged back)- Resolves: bz#2021778 (Qemu core dump when do full backup during system reset)- Resolves: bz#2036178 (Qemu core dumped when do block-stream to a snapshot node on non-enough space storage)- Resolves: bz#2037135 (Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD)[6.2.0-5]- kvm-acpi-validate-hotplug-selector-on-access.patch [bz#2036580]- kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch [bz#2031035]- Resolves: bz#2036580 (CVE-2021-4158 virt:rhel/qemu-kvm: QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c [rhel-8])- Resolves: bz#2031035 (Add rhel-8.6.0 machine types for RHEL 8.6 [x86])[6.2.0-4]- kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch [bz#2031039]- kvm-hw-arm-virt-Register-its-as-a-class-property.patch [bz#2031039]- kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch [bz#2031039]- kvm-hw-arm-virt-Add-8.6-machine-type.patch [bz#2031039]- kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch [bz#2031039]- kvm-rhel-machine-types-x86-set-prefer_sockets.patch [bz#2029582]- Resolves: bz#2031039 (Add rhel-8.6.0 machine types for RHEL 8.6 [aarch64])- Resolves: bz#2029582 ([8.6] machine types: 6.2: Fix prefer_sockets)[6.2.0-2]- kvm-redhat-Add-rhel8.6.0-machine-type-for-s390x.patch [bz#2005325]- kvm-redhat-Define-pseries-rhel8.6.0-machine-type.patch [bz#2031041]- Resolves: bz#2005325 (Fix CPU Model for new IBM Z Hardware - qemu part)- Resolves: bz#2031041 (Add rhel-8.6.0 machine types for RHEL 8.6 [ppc64le])[6.2.0-1.el8]- Rebase to qemu-kvm 6.2.0- Resolves bz#2027716

Solution(s)

  • oracle-linux-upgrade-hivex
  • oracle-linux-upgrade-hivex-devel
  • oracle-linux-upgrade-libguestfs
  • oracle-linux-upgrade-libguestfs-appliance
  • oracle-linux-upgrade-libguestfs-bash-completion
  • oracle-linux-upgrade-libguestfs-devel
  • oracle-linux-upgrade-libguestfs-gfs2
  • oracle-linux-upgrade-libguestfs-gobject
  • oracle-linux-upgrade-libguestfs-gobject-devel
  • oracle-linux-upgrade-libguestfs-inspect-icons
  • oracle-linux-upgrade-libguestfs-java
  • oracle-linux-upgrade-libguestfs-java-devel
  • oracle-linux-upgrade-libguestfs-javadoc
  • oracle-linux-upgrade-libguestfs-man-pages-ja
  • oracle-linux-upgrade-libguestfs-man-pages-uk
  • oracle-linux-upgrade-libguestfs-rescue
  • oracle-linux-upgrade-libguestfs-rsync
  • oracle-linux-upgrade-libguestfs-tools
  • oracle-linux-upgrade-libguestfs-tools-c
  • oracle-linux-upgrade-libguestfs-winsupport
  • oracle-linux-upgrade-libguestfs-xfs
  • oracle-linux-upgrade-libiscsi
  • oracle-linux-upgrade-libiscsi-devel
  • oracle-linux-upgrade-libiscsi-utils
  • oracle-linux-upgrade-libnbd
  • oracle-linux-upgrade-libnbd-bash-completion
  • oracle-linux-upgrade-libnbd-devel
  • oracle-linux-upgrade-libtpms
  • oracle-linux-upgrade-libtpms-devel
  • oracle-linux-upgrade-libvirt
  • oracle-linux-upgrade-libvirt-client
  • oracle-linux-upgrade-libvirt-daemon
  • oracle-linux-upgrade-libvirt-daemon-config-network
  • oracle-linux-upgrade-libvirt-daemon-config-nwfilter
  • oracle-linux-upgrade-libvirt-daemon-driver-interface
  • oracle-linux-upgrade-libvirt-daemon-driver-network
  • oracle-linux-upgrade-libvirt-daemon-driver-nodedev
  • oracle-linux-upgrade-libvirt-daemon-driver-nwfilter
  • oracle-linux-upgrade-libvirt-daemon-driver-qemu
  • oracle-linux-upgrade-libvirt-daemon-driver-secret
  • oracle-linux-upgrade-libvirt-daemon-driver-storage
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-core
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-disk
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-logical
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd
  • oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi
  • oracle-linux-upgrade-libvirt-daemon-kvm
  • oracle-linux-upgrade-libvirt-dbus
  • oracle-linux-upgrade-libvirt-devel
  • oracle-linux-upgrade-libvirt-docs
  • oracle-linux-upgrade-libvirt-libs
  • oracle-linux-upgrade-libvirt-lock-sanlock
  • oracle-linux-upgrade-libvirt-nss
  • oracle-linux-upgrade-libvirt-python
  • oracle-linux-upgrade-libvirt-wireshark
  • oracle-linux-upgrade-lua-guestfs
  • oracle-linux-upgrade-nbdfuse
  • oracle-linux-upgrade-nbdkit
  • oracle-linux-upgrade-nbdkit-bash-completion
  • oracle-linux-upgrade-nbdkit-basic-filters
  • oracle-linux-upgrade-nbdkit-basic-plugins
  • oracle-linux-upgrade-nbdkit-curl-plugin
  • oracle-linux-upgrade-nbdkit-devel
  • oracle-linux-upgrade-nbdkit-example-plugins
  • oracle-linux-upgrade-nbdkit-gzip-filter
  • oracle-linux-upgrade-nbdkit-gzip-plugin
  • oracle-linux-upgrade-nbdkit-linuxdisk-plugin
  • oracle-linux-upgrade-nbdkit-nbd-plugin
  • oracle-linux-upgrade-nbdkit-python-plugin
  • oracle-linux-upgrade-nbdkit-server
  • oracle-linux-upgrade-nbdkit-ssh-plugin
  • oracle-linux-upgrade-nbdkit-tar-filter
  • oracle-linux-upgrade-nbdkit-tar-plugin
  • oracle-linux-upgrade-nbdkit-tmpdisk-plugin
  • oracle-linux-upgrade-nbdkit-vddk-plugin
  • oracle-linux-upgrade-nbdkit-xz-filter
  • oracle-linux-upgrade-netcf
  • oracle-linux-upgrade-netcf-devel
  • oracle-linux-upgrade-netcf-libs
  • oracle-linux-upgrade-ocaml-hivex
  • oracle-linux-upgrade-ocaml-hivex-devel
  • oracle-linux-upgrade-ocaml-libguestfs
  • oracle-linux-upgrade-ocaml-libguestfs-devel
  • oracle-linux-upgrade-ocaml-libnbd
  • oracle-linux-upgrade-ocaml-libnbd-devel
  • oracle-linux-upgrade-perl-hivex
  • oracle-linux-upgrade-perl-sys-guestfs
  • oracle-linux-upgrade-perl-sys-virt
  • oracle-linux-upgrade-python3-hivex
  • oracle-linux-upgrade-python3-libguestfs
  • oracle-linux-upgrade-python3-libnbd
  • oracle-linux-upgrade-python3-libvirt
  • oracle-linux-upgrade-qemu-guest-agent
  • oracle-linux-upgrade-qemu-img
  • oracle-linux-upgrade-qemu-kvm
  • oracle-linux-upgrade-qemu-kvm-block-curl
  • oracle-linux-upgrade-qemu-kvm-block-gluster
  • oracle-linux-upgrade-qemu-kvm-block-iscsi
  • oracle-linux-upgrade-qemu-kvm-block-rbd
  • oracle-linux-upgrade-qemu-kvm-block-ssh
  • oracle-linux-upgrade-qemu-kvm-common
  • oracle-linux-upgrade-qemu-kvm-core
  • oracle-linux-upgrade-qemu-kvm-docs
  • oracle-linux-upgrade-qemu-kvm-hw-usbredir
  • oracle-linux-upgrade-qemu-kvm-tests
  • oracle-linux-upgrade-qemu-kvm-ui-opengl
  • oracle-linux-upgrade-qemu-kvm-ui-spice
  • oracle-linux-upgrade-ruby-hivex
  • oracle-linux-upgrade-ruby-libguestfs
  • oracle-linux-upgrade-seabios
  • oracle-linux-upgrade-seabios-bin
  • oracle-linux-upgrade-seavgabios-bin
  • oracle-linux-upgrade-sgabios
  • oracle-linux-upgrade-sgabios-bin
  • oracle-linux-upgrade-supermin
  • oracle-linux-upgrade-supermin-devel
  • oracle-linux-upgrade-swtpm
  • oracle-linux-upgrade-swtpm-devel
  • oracle-linux-upgrade-swtpm-libs
  • oracle-linux-upgrade-swtpm-tools
  • oracle-linux-upgrade-swtpm-tools-pkcs11
  • oracle-linux-upgrade-virt-dib
  • oracle-linux-upgrade-virt-v2v
  • oracle-linux-upgrade-virt-v2v-bash-completion
  • oracle-linux-upgrade-virt-v2v-man-pages-ja
  • oracle-linux-upgrade-virt-v2v-man-pages-uk

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;