[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4158/qemu

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 24 08:01:26 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b21ac1ce by Salvatore Bonaccorso at 2021-12-24T09:00:49+01:00
Add CVE-2021-4158/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20,8 +20,16 @@ CVE-2021-45463 (GEGL before 0.4.34 allows shell expansion when a pathname in a c
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
 CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
 	NOT-FOR-US: Open5GS
-CVE-2021-4158
+CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
 	RESERVED
+	- qemu <unfixed>
+	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+	[buster] - qemu <not-affected> (Vulnerable code introduced later)
+	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002
+	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770
+	NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0)
+	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
 CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
 	NOT-FOR-US: FreePBX
 CVE-2021-45460



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b21ac1ce8ae3ba70932053a52847a92f2636988d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b21ac1ce8ae3ba70932053a52847a92f2636988d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211224/5997688c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list