Package "qemu-user"

Name: qemu-user


QEMU user mode emulation binaries

Latest version: 1:8.0.4+dfsg-1ubuntu3.23.10.5
Release: mantic (23.10)
Level: updates
Repository: universe
Head package: qemu
Homepage: http://www.qemu.org/


Download "qemu-user"

Other versions of "qemu-user" in Mantic

Repository Area Version
base universe 1:8.0.4+dfsg-1ubuntu3
security universe 1:8.0.4+dfsg-1ubuntu3.23.10.2


Version: 1:8.0.4+dfsg-1ubuntu3.23.10.5 2024-04-11 19:06:58 UTC

  qemu (1:8.0.4+dfsg-1ubuntu3.23.10.5) mantic; urgency=medium

  * d/p/u/lp2012763-maxcpus-too-low.patch: Actually set the max_cpus
    property of the new Mantic machine types. (LP: #2012763)

Source diff to previous version

Version: 1:8.0.4+dfsg-1ubuntu3.23.10.3 2024-03-07 18:06:55 UTC

  qemu (1:8.0.4+dfsg-1ubuntu3.23.10.3) mantic; urgency=medium

  * d/p/u/lp-2051965-*.patch: Fix QEMU crash when using TCG acceleration
    with guest Linux kernel >= 6.3. (LP: #2051965)

 -- Sergio Durigan Junior <email address hidden> Tue, 13 Feb 2024 18:26:17 -0500

Source diff to previous version
2051965 QEmu with TCG acceleration (without KVM) causes kernel panics with guest kernels \u003e=6.3

Version: 1:8.0.4+dfsg-1ubuntu3.23.10.2 2024-01-08 21:07:00 UTC

  qemu (1:8.0.4+dfsg-1ubuntu3.23.10.2) mantic-security; urgency=medium

  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: null pointer deref in NVME device
    - debian/patches/CVE-2023-40360.patch: fix null pointer access in
      directive receive in hw/nvme/ctrl.c.
    - CVE-2023-40360
  * SECURITY UPDATE: OOB read in NVME device
    - debian/patches/CVE-2023-4135.patch: fix oob memory read in fdp events
      log in hw/nvme/ctrl.c.
    - CVE-2023-4135
  * SECURITY UPDATE: division by zero via scsi block size
    - debian/patches/CVE-2023-42467.patch: disallow block sizes smaller
      than 512 in hw/scsi/scsi-disk.c.
    - CVE-2023-42467
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088

 -- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 08:22:57 -0500

Source diff to previous version
CVE-2023-1544 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a
CVE-2023-40360 QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is co
CVE-2023-4135 A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the gues
CVE-2023-42467 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent
CVE-2023-5088 A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overw

Version: 1:8.0.4+dfsg-1ubuntu3.23.10.1 2023-12-05 14:06:51 UTC

  qemu (1:8.0.4+dfsg-1ubuntu3.23.10.1) mantic; urgency=medium

  * d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto
    hardware to Secure Execution guests. (LP: #2003673)

 -- Sergio Durigan Junior <email address hidden> Mon, 30 Oct 2023 16:16:32 -0400

2003673 KVM: Enable Secure Execution Crypto Passthrough - qemu part

About   -   Send Feedback to @ubuntu_updates