Package "qemu-kvm"
Name: qemu-kvm
Description: QEMU Full virtualization on x86 hardware
Latest version: 1:4.2-3ubuntu6.29
Release: focal (20.04)
Level: security
Repository: main
Head package: qemu
Homepage: http://www.qemu.org/
Changelog
qemu (1:4.2-3ubuntu6.29) focal-security; urgency=medium
* SECURITY REGRESSION: 9pfs restrictions on sockets (LP: #2065579)
- debian/patches/ubuntu/lp-2065579-9pfs-allow-sockets.patch: allow
sockets and FIFOs to be opened in hw/9pfs/9p-util.h. The fix for
CVE-2023-2861 was too restrictive for some use-cases.
-- Marc Deslauriers <email address hidden> Wed, 05 Jun 2024 12:25:53 -0400
LP #2065579: [UBUNTU 22.04] OS guest boot issues on 9p filesystem
CVE-2023-2861: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host s

qemu (1:4.2-3ubuntu6.28) focal-security; urgency=medium
* SECURITY UPDATE: infinite loop in USB xHCI controller
- debian/patches/CVE-2020-14394.patch: Fix unbounded loop in
xhci_ring_chain_length() in hw/usb/hcd-xhci.c.
- CVE-2020-14394
* SECURITY UPDATE: code execution in TCG Accelerator
- debian/patches/CVE-2020-24165.patch: fix race in cpu_exec_step_atomic
in accel/tcg/cpu-exec.c.
- CVE-2020-24165
* SECURITY UPDATE: OOB access in ATI VGA device
- debian/patches/CVE-2021-3638.patch: Fix buffer overflow in ati_2d_blt
in hw/display/ati_2d.c.
- CVE-2021-3638
* SECURITY UPDATE: OOB read in RDMA device
- debian/patches/CVE-2023-1544.patch: protect against buggy or
malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
- CVE-2023-1544
* SECURITY UPDATE: 9pfs special file access
- debian/patches/CVE-2023-2861.patch: prevent opening special files in
fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
- CVE-2023-2861
* SECURITY UPDATE: heap overflow in crypto device
- debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
sym request in hw/virtio/virtio-crypto.c.
- CVE-2023-3180
* SECURITY UPDATE: DoS in VNC server
- debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
closed during handshake in include/io/channel-tls.h,
io/channel-tls.c.
- CVE-2023-3354
* SECURITY UPDATE: disk offset 0 access
- debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
resetting state in hw/ide/core.c.
- CVE-2023-5088
-- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 14:45:57 -0500
CVE-2020-14394: An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. Thi
CVE-2020-24165: An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial o
CVE-2021-3638: An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MM
CVE-2023-1544: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a
CVE-2023-2861: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host s
CVE-2023-3180: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no ch
CVE-2023-3354: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections cro
CVE-2023-5088: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overw

qemu (1:4.2-3ubuntu6.27) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free issue
- debian/patches/CVE-2022-1050.patch: Protect against buggy or
malicious guest driver
- CVE-2022-1050
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2022-4144-*.patch: Have qxl_log_command Return
early if no log_cmd handler; Document qxl_phys2virt(); Pass requested
buffer size to qxl_phys2virt(); Avoid buffer overrun in qxl_phys2virt;
Assert memory slot fits in preallocated MemoryRegion
- CVE-2022-4144
* SECURITY UPDATE: reentrancy problem
- debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
controller
- CVE-2023-0330
-- Nishit Majithia <email address hidden> Tue, 13 Jun 2023 16:58:54 +0530
CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when
CVE-2022-4144: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structu
CVE-2023-0330: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like st

qemu (1:4.2-3ubuntu6.24) focal-security; urgency=medium
* SECURITY UPDATE: DMA reentrancy issue
- debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
field and MEMTX_ACCESS_ERROR
- CVE-2021-3750
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
lsi_do_msgout
- CVE-2022-0216
-- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:45:56 +0530
CVE-2021-3750: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO regi
CVE-2022-0216: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated message

qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virtqueue element in
case of error in hw/virtio/vhost-vsock.c.
- CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:35:04 -0400
CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block
CVE-2021-4206: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal
CVE-2021-4207: A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he
CVE-2022-26353: A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c
CVE-2022-26354: A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor