A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
Status comment: (none) => CVE-2020-27821
This is not a duplicate. Thank you for the alert. We have qemu-5.2.0-3.mga8.src.rpm in M8. You look the right target for this (qemu), Thierry.
Assignee: bugsquad => thierry.vignaudQA Contact: (none) => security
Qemu is vulnerable to a *LOT* more than just this one CVE. We don't have bugs for them because we don't track Qemu CVEs anymore, because there are just *way* too many of them. If anyone is interested in tracking them, they should follow the new Qemu security mailing list that was just set up: https://www.openwall.com/lists/oss-security/2020/12/16/1 Otherwise, probably the best we can do is periodically sync the package with Fedora.
Summary: qemu security vulnerability CVE-2020-27821 => qemu several security issuesComponent: RPM Packages => Security
Status comment: CVE-2020-27821 => (none)
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDStatus: NEW => RESOLVED