The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0761-1 advisory.
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. (CVE-2020-13253)
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. (CVE-2020-13754)
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. (CVE-2020-14394)
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. (CVE-2020-17380)
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. (CVE-2020-25085)
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. (CVE-2021-3409)
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. (CVE-2021-3507)
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. (CVE-2021-3929)
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. (CVE-2021-4206)
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. (CVE-2022-0216)
A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. (CVE-2022-1050)
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Affected QEMU versions <= 6.2.0. (CVE-2022-26354)
DISPUTED softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non- virtualization Use Case in the qemu.org reference applies here, i.e., Bugs affecting the non- virtualization use case are not considered security bugs at this time. (CVE-2022-35414)
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. (CVE-2022-4144)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:0761-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(172642);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/28");
script_cve_id(
"CVE-2020-13253",
"CVE-2020-13754",
"CVE-2020-14394",
"CVE-2020-17380",
"CVE-2020-25085",
"CVE-2021-3409",
"CVE-2021-3507",
"CVE-2021-3929",
"CVE-2021-4206",
"CVE-2022-0216",
"CVE-2022-1050",
"CVE-2022-4144",
"CVE-2022-26354",
"CVE-2022-35414"
);
script_xref(name:"IAVB", value:"2020-B-0026-S");
script_xref(name:"IAVB", value:"2020-B-0041-S");
script_xref(name:"IAVB", value:"2020-B-0063-S");
script_xref(name:"IAVB", value:"2020-B-0075-S");
script_xref(name:"SuSE", value:"SUSE-SU-2023:0761-1");
script_xref(name:"IAVB", value:"2022-B-0057-S");
script_name(english:"SUSE SLES12 Security Update : qemu (SUSE-SU-2023:0761-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:0761-1 advisory.
- sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read
during sdhci_write() operations. A guest OS user can crash the QEMU process. (CVE-2020-13253)
- hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address
in an msi-x mmio operation. (CVE-2020-13754)
- An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of
the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process
on the host, resulting in a denial of service. (CVE-2020-14394)
- A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It
could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in
hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host,
resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the
QEMU process on the host. (CVE-2020-17380)
- QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c
mishandles a write operation in the SDHC_BLKSIZE case. (CVE-2020-25085)
- The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to
the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This
flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of
service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. (CVE-2021-3409)
- A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could
occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the
floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on
the host resulting in DoS scenario, or potential information leakage from the host memory. (CVE-2021-3507)
- A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is
similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function
nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could
use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or,
potentially, executing arbitrary code within the context of the QEMU process on the host. (CVE-2021-3929)
- A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc()
function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer
overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or
potentially execute arbitrary code within the context of the QEMU process. (CVE-2021-4206)
- A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The
flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout
function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the
host, resulting in a denial of service. (CVE-2022-0216)
- A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a
crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading
to a use-after-free condition. (CVE-2022-1050)
- A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached
from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
Affected QEMU versions <= 6.2.0. (CVE-2022-26354)
- ** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the
translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-
virtualization Use Case in the qemu.org reference applies here, i.e., Bugs affecting the non-
virtualization use case are not considered security bugs at this time. (CVE-2022-35414)
- An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt()
function does not check the size of the structure pointed to by the guest physical address, potentially
reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to
crash the QEMU process on the host causing a denial of service condition. (CVE-2022-4144)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172033");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172382");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1175144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180207");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1182282");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185000");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1193880");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197653");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198035");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198712");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201367");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205808");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-13253");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-13754");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-14394");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-17380");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25085");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3409");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3507");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3929");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-4206");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0216");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1050");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-26354");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-35414");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-4144");
# https://lists.suse.com/pipermail/sle-security-updates/2023-March/014067.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fc6e68d2");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-35414");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/07");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ipxe");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-seabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-sgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-vgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'qemu-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-arm-3.1.1.1-66.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-audio-alsa-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-audio-oss-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-audio-pa-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-audio-sdl-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-block-curl-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-block-iscsi-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-block-rbd-3.1.1.1-66.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-block-rbd-3.1.1.1-66.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-block-ssh-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-guest-agent-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-ipxe-1.0.0+-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-kvm-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-lang-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-s390-3.1.1.1-66.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-seabios-1.12.0_0_ga698c89-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-sgabios-8-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-tools-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-ui-curses-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-ui-gtk-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-ui-sdl-3.1.1.1-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-vgabios-1.12.0_0_ga698c89-66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-x86-3.1.1.1-66.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'qemu-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-arm-3.1.1.1-66.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-audio-alsa-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-audio-oss-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-audio-pa-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-audio-sdl-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-block-curl-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-block-iscsi-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-block-rbd-3.1.1.1-66.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-block-rbd-3.1.1.1-66.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-block-ssh-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-guest-agent-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-ipxe-1.0.0+-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-kvm-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-lang-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-s390-3.1.1.1-66.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-seabios-1.12.0_0_ga698c89-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-sgabios-8-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-tools-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-ui-curses-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-ui-gtk-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-ui-sdl-3.1.1.1-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-vgabios-1.12.0_0_ga698c89-66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'qemu-x86-3.1.1.1-66.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-arm / qemu-audio-alsa / qemu-audio-oss / qemu-audio-pa / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | qemu | p-cpe:/a:novell:suse_linux:qemu |
novell | suse_linux | qemu-arm | p-cpe:/a:novell:suse_linux:qemu-arm |
novell | suse_linux | qemu-audio-alsa | p-cpe:/a:novell:suse_linux:qemu-audio-alsa |
novell | suse_linux | qemu-audio-oss | p-cpe:/a:novell:suse_linux:qemu-audio-oss |
novell | suse_linux | qemu-audio-pa | p-cpe:/a:novell:suse_linux:qemu-audio-pa |
novell | suse_linux | qemu-audio-sdl | p-cpe:/a:novell:suse_linux:qemu-audio-sdl |
novell | suse_linux | qemu-block-curl | p-cpe:/a:novell:suse_linux:qemu-block-curl |
novell | suse_linux | qemu-block-iscsi | p-cpe:/a:novell:suse_linux:qemu-block-iscsi |
novell | suse_linux | qemu-block-rbd | p-cpe:/a:novell:suse_linux:qemu-block-rbd |
novell | suse_linux | qemu-block-ssh | p-cpe:/a:novell:suse_linux:qemu-block-ssh |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4144
www.nessus.org/u?fc6e68d2
bugzilla.suse.com/1172033
bugzilla.suse.com/1172382
bugzilla.suse.com/1175144
bugzilla.suse.com/1180207
bugzilla.suse.com/1182282
bugzilla.suse.com/1185000
bugzilla.suse.com/1193880
bugzilla.suse.com/1197653
bugzilla.suse.com/1198035
bugzilla.suse.com/1198038
bugzilla.suse.com/1198712
bugzilla.suse.com/1201367
bugzilla.suse.com/1205808
www.suse.com/security/cve/CVE-2020-13253
www.suse.com/security/cve/CVE-2020-13754
www.suse.com/security/cve/CVE-2020-14394
www.suse.com/security/cve/CVE-2020-17380
www.suse.com/security/cve/CVE-2020-25085
www.suse.com/security/cve/CVE-2021-3409
www.suse.com/security/cve/CVE-2021-3507
www.suse.com/security/cve/CVE-2021-3929
www.suse.com/security/cve/CVE-2021-4206
www.suse.com/security/cve/CVE-2022-0216
www.suse.com/security/cve/CVE-2022-1050
www.suse.com/security/cve/CVE-2022-26354
www.suse.com/security/cve/CVE-2022-35414
www.suse.com/security/cve/CVE-2022-4144