UbuntuUpdates.org

Package "qemu-system"

Name: qemu-system

Description:

QEMU full system emulation binaries

Latest version: 1:8.2.2+ds-0ubuntu1.2
Release: noble (24.04)
Level: updates
Repository: main
Head package: qemu
Homepage: http://www.qemu.org/

Links


Download "qemu-system"


Other versions of "qemu-system" in Noble

Repository Area Version
base main 1:8.2.2+ds-0ubuntu1
security main 1:8.2.2+ds-0ubuntu1.2
proposed main 1:8.2.2+ds-0ubuntu1.3

Changelog

Version: 1:8.2.2+ds-0ubuntu1.2 2024-08-22 08:07:04 UTC

  qemu (1:8.2.2+ds-0ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-26327.patch: Check num_vfs size
    - CVE-2024-26327
  * SECURITY UPDATE: out of bounds memory access
    - debian/patches/CVE-2024-26328.patch: Use pcie_sriov_num_vfs to
      get number of enabled vfs before and after config writes
    - CVE-2024-26328

 -- Bruce Cable <email address hidden> Wed, 21 Aug 2024 11:53:08 +1000

CVE-2024-26327 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater
CVE-2024-26328 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interact



About   -   Send Feedback to @ubuntu_updates