Package "qemu-system-x86-xen"
| Name: |
qemu-system-x86-xen
|
Description: |
QEMU full system emulation binaries (x86)
|
| Latest version: |
1:8.2.2+ds-0ubuntu1.10 |
| Release: |
noble (24.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
qemu |
| Homepage: |
http://www.qemu.org/ |
Links
Download "qemu-system-x86-xen"
Other versions of "qemu-system-x86-xen" in Noble
Changelog
|
qemu (1:8.2.2+ds-0ubuntu1.10) noble-security; urgency=medium
* SECURITY UPDATE: double-free in QEMU virtio devices
- debian/patches/CVE-2024-3446-pre1.patch: introduce
virtio_bh_new_guarded() helper in hw/virtio/virtio.c,
include/hw/virtio/virtio.h.
- debian/patches/CVE-2024-3446-1.patch: protect from DMA re-entrancy
bugs in hw/virtio/virtio-crypto.c.
- debian/patches/CVE-2024-3446-2.patch: protect from DMA re-entrancy
bugs in hw/char/virtio-serial-bus.c.
- debian/patches/CVE-2024-3446-3.patch: protect from DMA re-entrancy
bugs in hw/display/virtio-gpu.c.
- CVE-2024-3446
* SECURITY UPDATE: heap overflow in SDHCI device emulation
- debian/patches/CVE-2024-3447.patch: do not update TRNMOD when Command
Inhibit (DAT) is set in hw/sd/sdhci.c.
- CVE-2024-3447
* SECURITY UPDATE: assert failure in checksum calculation
- debian/patches/CVE-2024-3567.patch: fix overrun in
update_sctp_checksum() in hw/net/net_tx_pkt.c.
- CVE-2024-3567
* SECURITY UPDATE: resource consumption in disk utility
- debian/patches/CVE-2024-4467-1.patch: don't open data_file with
BDRV_O_NO_IO in block/qcow2.c, tests/qemu-iotests/061*.
- debian/patches/CVE-2024-4467-2.patch: don't store data-file with
protocol in image in tests/qemu-iotests/244.
- debian/patches/CVE-2024-4467-3.patch: don't store data-file with
json: prefix in image in tests/qemu-iotests/270.
- debian/patches/CVE-2024-4467-4.patch: parse filenames only when
explicitly requested in block.c.
- CVE-2024-4467
* SECURITY UPDATE: heap overflow in virtio-net device RSS feature
- debian/patches/CVE-2024-6505.patch: ensure queue index fits with RSS
in hw/net/virtio-net.c.
- CVE-2024-6505
* SECURITY UPDATE: Dos via improper synchronization during socket closure
- debian/patches/CVE-2024-7409-1.patch: plumb in new args to
nbd_client_add() in blockdev-nbd.c, include/block/nbd.h,
nbd/server.c, qemu-nbd.c.
- debian/patches/CVE-2024-7409-2.patch: cap default max-connections to
100 in block/monitor/block-hmp-cmds.c, blockdev-nbd.c,
include/block/nbd.h, qapi/block-export.json.
- debian/patches/CVE-2024-7409-3.patch: close stray clients at
server-stop in blockdev-nbd.c.
- debian/patches/CVE-2024-7409-4.patch: drop non-negotiating clients in
nbd/server.c, nbd/trace-events.
- debian/patches/CVE-2024-7409-5.patch: avoid use-after-free when
closing server in blockdev-nbd.c.
- CVE-2024-7409
* SECURITY UPDATE: DoS via assert failure in usb_ep_get()
- debian/patches/CVE-2024-8354.patch: change ohci validation in
hw/usb/hcd-ohci.c, hw/usb/trace-events.
- CVE-2024-8354
* SECURITY UPDATE: possibly binfmt privilege escalation (LP: #2120814)
- debian/binfmt-install: stop using C (Credentials) flag for
binfmt_misc registration.
-- Marc Deslauriers <email address hidden> Mon, 25 Aug 2025 14:10:37 -0400
|
| Source diff to previous version |
| 2120814 |
binfmt_misc C (Credentials) flag as security risk with setuid binaries |
| CVE-2024-3446 |
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insu |
| CVE-2024-3447 |
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fif |
| CVE-2024-3567 |
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the |
| CVE-2024-4467 |
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing blo |
| CVE-2024-6505 |
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within R |
| CVE-2024-7409 |
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closur |
| CVE-2024-8354 |
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a U |
|
|
qemu (1:8.2.2+ds-0ubuntu1.4) noble-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2024-4693-1.patch: virtio-pci: fix use of a
released vector
- debian/patches/CVE-2024-4693-2.patch: virtio-pci: Fix the use of
an uninitialized irqfd
- CVE-2024-4693
* SECURITY UPDATE: heap buffer overflow
- debian/patches/CVE-2024-7730.patch: add max size bounds check in
input cb
- CVE-2024-7730
-- Bruce Cable <email address hidden> Tue, 22 Oct 2024 15:57:13 +1100
|
| Source diff to previous version |
| CVE-2024-4693 |
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot proc |
|
|
qemu (1:8.2.2+ds-0ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-26327.patch: Check num_vfs size
- CVE-2024-26327
* SECURITY UPDATE: out of bounds memory access
- debian/patches/CVE-2024-26328.patch: Use pcie_sriov_num_vfs to
get number of enabled vfs before and after config writes
- CVE-2024-26328
-- Bruce Cable <email address hidden> Wed, 21 Aug 2024 11:53:08 +1000
|
| CVE-2024-26327 |
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater |
| CVE-2024-26328 |
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interact |
|
About
-
Send Feedback to @ubuntu_updates
