In the QEMU QXL video acelerator a integer overflow leads to heap overflow in qxl_unpack_chunks function.
Created qemu tracking bugs for this issue:
Affects: epel-7 [bug 2070903]
Affects: fedora-all [bug 2070901]
STAR Labs security advisory: https://starlabs.sg/advisories/21-4206.
Is CVE-2021-4206 here correct? The starlabs.sg advisory say it's CVE-2022-4206.
Hi Salvatore, this issue was discovered by STAR Labs in 2021 and CVE-2021-4206 is the correct CVE id. I asked them to update the page. Thank you for the heads up.
(In reply to Mauro Matteo Cascella from comment #7)
> Hi Salvatore, this issue was discovered by STAR Labs in 2021 and
> CVE-2021-4206 is the correct CVE id. I asked them to update the page. Thank
> you for the heads up.
This issue has been addressed in the following products:
Advanced Virtualization for RHEL 8.4.0.EUS
Via RHSA-2022:5002 https://access.redhat.com/errata/RHSA-2022:5002
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):