Package "qemu-user"

Name: qemu-user


QEMU user mode emulation binaries

Latest version: 1:8.0.4+dfsg-1ubuntu3.23.10.2
Release: mantic (23.10)
Level: security
Repository: universe
Head package: qemu
Homepage: http://www.qemu.org/


Download "qemu-user"

Other versions of "qemu-user" in Mantic

Repository Area Version
base universe 1:8.0.4+dfsg-1ubuntu3
updates universe 1:8.0.4+dfsg-1ubuntu3.23.10.5


Version: 1:8.0.4+dfsg-1ubuntu3.23.10.2 2024-01-08 19:07:04 UTC

  qemu (1:8.0.4+dfsg-1ubuntu3.23.10.2) mantic-security; urgency=medium

  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: null pointer deref in NVME device
    - debian/patches/CVE-2023-40360.patch: fix null pointer access in
      directive receive in hw/nvme/ctrl.c.
    - CVE-2023-40360
  * SECURITY UPDATE: OOB read in NVME device
    - debian/patches/CVE-2023-4135.patch: fix oob memory read in fdp events
      log in hw/nvme/ctrl.c.
    - CVE-2023-4135
  * SECURITY UPDATE: division by zero via scsi block size
    - debian/patches/CVE-2023-42467.patch: disallow block sizes smaller
      than 512 in hw/scsi/scsi-disk.c.
    - CVE-2023-42467
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088

 -- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 08:22:57 -0500

CVE-2023-1544 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a
CVE-2023-40360 QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is co
CVE-2023-4135 A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the gues
CVE-2023-42467 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent
CVE-2023-5088 A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overw

About   -   Send Feedback to @ubuntu_updates