In the QEMU QXL video accelerator, an integer overflow leads to a heap overflow in the qxl_unpack_chunks function.
Created qemu tracking bugs for this issue: Affects: epel-7 [bug 2070903] Affects: fedora-all [bug 2070901]
STAR Labs security advisory: https://starlabs.sg/advisories/21/21-4206.
Hi, is CVE-2021-4206 here correct? The starlabs.sg advisory says it's CVE-2022-4206. Regards, Salvatore
Hi Salvatore, this issue was discovered by STAR Labs in 2021 and CVE-2021-4206 is the correct CVE id. I asked them to update the page. Thank you for the heads up.
Hi Mauro,
(In reply to Mauro Matteo Cascella from comment #7)
> Hi Salvatore, this issue was discovered by STAR Labs in 2021 and
> CVE-2021-4206 is the correct CVE id. I asked them to update the page. Thank
> you for the heads up.
Thank you! Regards, Salvatore
Upstream fix: https://gitlab.com/qemu-project/qemu/-/commit/fa892e9a
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.4.0.EUS Via RHSA-2022:5002 https://access.redhat.com/errata/RHSA-2022:5002
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4206
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5821 https://access.redhat.com/errata/RHSA-2022:5821