Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm . Security Fix: * QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free * QEMU: fdc: heap buffer overflow in DMA read data transfers * QEMU: intel-hda: segmentation fault due to stack overflow * QEMU: NULL pointer dereference in pci_write in hw/acpi/pcihp.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed : 1477099 - virtio-iommu 1708300 - RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN 1879437 - Qemu coredump when refreshing block limits on an actively used iothread block device [rhel.9] 1904267 - Q35: Support SMBIOS 3.0 Entry Point Type 1951118 - CVE-2021-3507 QEMU: fdc: heap buffer overflow in DMA read data transfers 1968509 - Use MSG_ZEROCOPY on QEMU Live Migration 1973784 - CVE-2021-3611 QEMU: intel-hda: segmentation fault due to stack overflow 1982600 - qemu-kvm -help reports -spice despite not being compiled 1995710 - RFE: Allow virtio-scsi CD-ROM media change with IOThreads 1999073 - CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free 2020993 - "qemu-img convert" to Qcow2 Images over RBD Failed 2023977 - Duplicate SMBIOS handles when creating large VMs