Bugzilla – Bug 1213414
VUL-0: CVE-2023-3301: qemu: vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
Last modified: 2024-06-10 12:50:16 UTC
When a peer nic is still attached to the vdpa backend, it is too early to free up the vhost-net and vdpa structures. If these structures are freed here, then QEMU crashes when the guest is being shut down. The following call chain would result in an assertion failure since the pointer returned from vhost_vdpa_get_vhost_net() would be NULL:

do_vm_stop() -> vm_state_notify() -> virtio_set_status() -> virtio_net_vhost_status() -> get_vhost_net().

Therefore, we defer freeing up the structures until at guest shutdown time when qemu_cleanup() calls net_cleanup() which then calls qemu_del_net_client() which would eventually call vhost_vdpa_cleanup() again to free up the structures. This time, the loop in net_cleanup() ensures that vhost_vdpa_cleanup() will be called one last time when all the peer nics are detached and freed.

All unit tests pass with this change.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2128929
https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg05460.html
https://gitlab.com/qemu-project/qemu/-/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3301
https://nvd.nist.gov/vuln/detail/CVE-2023-3301
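The ordering problem described in this report, as an added C model that is not QEMU's code and not part of the report. All struct and function names are hypothetical, and the stop path returns false where QEMU would hit the assertion.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Simplified model; every struct and function name here is hypothetical. */
struct nic;
struct backend {
    void *vhost_net;      /* stands in for the vhost-net and vdpa state */
    struct nic *peer;     /* NIC still attached to this backend, or NULL */
};
struct nic { struct backend *peer; };

/* Cleanup before the fix: frees the state even with a peer attached. */
static void cleanup_eager(struct backend *b)
{
    free(b->vhost_net);
    b->vhost_net = NULL;
}

/* Cleanup after the fix: does nothing while a peer NIC is attached. */
static void cleanup_deferred(struct backend *b)
{
    if (b->peer != NULL)
        return;           /* too early; the final cleanup call frees it */
    free(b->vhost_net);
    b->vhost_net = NULL;
}

/* VM-stop path: the NIC needs its backend's state. QEMU asserts here;
 * the model returns false instead so the outcome can be checked. */
static bool nic_stop(const struct nic *n)
{
    return n->peer != NULL && n->peer->vhost_net != NULL;
}

/* Early cleanup, then VM stop, then NIC detach and the final cleanup. */
static bool run_shutdown(bool deferred, bool *freed_at_end)
{
    struct backend b = { malloc(16), NULL };
    struct nic n = { &b };
    b.peer = &n;
    if (deferred) cleanup_deferred(&b); else cleanup_eager(&b);
    bool stop_ok = nic_stop(&n);
    n.peer = NULL;        /* peer NIC detached during teardown */
    b.peer = NULL;
    cleanup_deferred(&b); /* last call: no peer left, state is freed */
    *freed_at_end = (b.vhost_net == NULL);
    return stop_ok;
}
```

With eager cleanup the stop path finds a NULL pointer; with deferred cleanup it finds valid state, and the final call still frees it once the peer is gone.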
SUSE-SU-2023:3082-1: An update that solves four vulnerabilities and has two fixes can now be installed.
Category: security (important)
Bug References: 1179993, 1181740, 1207205, 1212968, 1213001, 1213414
CVE References: CVE-2023-0330, CVE-2023-2861, CVE-2023-3255, CVE-2023-3301
Sources used:
Server Applications Module 15-SP5 (src): qemu-7.1.0-150500.49.6.1
openSUSE Leap 15.5 (src): qemu-linux-user-7.1.0-150500.49.6.1, qemu-7.1.0-150500.49.6.1
Basesystem Module 15-SP5 (src): qemu-7.1.0-150500.49.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
With https://build.suse.de/request/show/304979 (hoping that it passes review :-D), this should be done. Handing it back
SUSE-SU-2023:3234-1: An update that solves three vulnerabilities can now be installed.
Category: security (important)
Bug References: 1212968, 1213001, 1213414
CVE References: CVE-2023-2861, CVE-2023-3255, CVE-2023-3301
Sources used:
openSUSE Leap 15.4 (src): qemu-linux-user-6.2.0-150400.37.20.1, qemu-6.2.0-150400.37.20.1
openSUSE Leap Micro 5.3 (src): qemu-6.2.0-150400.37.20.1
openSUSE Leap Micro 5.4 (src): qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3 (src): qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.4 (src): qemu-6.2.0-150400.37.20.1
Basesystem Module 15-SP4 (src): qemu-6.2.0-150400.37.20.1
Server Applications Module 15-SP4 (src): qemu-6.2.0-150400.37.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3444-1: An update that solves six vulnerabilities can now be installed.
Category: security (important)
Bug References: 1188609, 1190011, 1207205, 1212850, 1213414, 1213925
CVE References: CVE-2021-3638, CVE-2021-3750, CVE-2023-0330, CVE-2023-3180, CVE-2023-3301, CVE-2023-3354
Sources used:
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): qemu-5.2.0-150300.127.3
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): qemu-5.2.0-150300.127.3
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): qemu-5.2.0-150300.127.3
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): qemu-5.2.0-150300.127.3
SUSE Manager Proxy 4.2 (src): qemu-5.2.0-150300.127.3
SUSE Manager Retail Branch Server 4.2 (src): qemu-5.2.0-150300.127.3
SUSE Manager Server 4.2 (src): qemu-5.2.0-150300.127.3
SUSE Enterprise Storage 7.1 (src): qemu-5.2.0-150300.127.3
SUSE Linux Enterprise Micro 5.1 (src): qemu-5.2.0-150300.127.3
SUSE Linux Enterprise Micro 5.2 (src): qemu-5.2.0-150300.127.3
SUSE Linux Enterprise Micro for Rancher 5.2 (src): qemu-5.2.0-150300.127.3
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration:
This bug (1213414) was mentioned in
https://build.opensuse.org/request/show/1110620 Factory / qemu
SUSE-SU-2023:3082-2: An update that solves four vulnerabilities and has two security fixes can now be installed.
Category: security (important)
Bug References: 1179993, 1181740, 1207205, 1212968, 1213001, 1213414
CVE References: CVE-2023-0330, CVE-2023-2861, CVE-2023-3255, CVE-2023-3301
Sources used:
SUSE Linux Enterprise Micro 5.5 (src): qemu-7.1.0-150500.49.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.