RHSA-2021:0648: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security update

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es):

• QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure (CVE-2020-11947)
• QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2020-11947: QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure
• CVE-2020-25723: QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c