Ubuntu update for qemu



Risk: Medium
Patch available: YES
Number of vulnerabilities: 9
CVE-ID: CVE-2019-20382, CVE-2020-13765, CVE-2020-1983, CVE-2020-7039, CVE-2020-8608, CVE-2021-3592, CVE-2021-3594, CVE-2023-3019, CVE-2024-4693
CWE-ID: CWE-401, CWE-787, CWE-416, CWE-122, CWE-119, CWE-763, CWE-672
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

qemu-system-x86-microvm (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-xen (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-x86-xen (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-x86 (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-sparc (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-s390x (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-ppc (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-misc (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-mips (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-arm (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-common (Ubuntu package)
Operating systems & Components / Operating system package or component

qemu-system-aarch64 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU27388

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-20382

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the zrle_compress_data() function in ui/vnc-enc-zrle.c during a VNC disconnect operation: libz is misused, so memory allocated in deflateInit2 is not freed in deflateEnd. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU31806

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-13765

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in rom_copy() in hw/core/loader.c. A local user on the guest operating system can pass specially crafted data to the application, trigger an out-of-bounds write and execute arbitrary code on the host system.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU27389

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-1983

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when processing packets within the ip_reass() function in ip_input.c in libslirp. A remote attacker can send a specially crafted packet to the application, trigger a use-after-free error and crash it.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Heap-based buffer overflow

EUVDB-ID: #VU25458

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-7039

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU25456

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-8608

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the tcp_subr.c file in libslirp. A local user can pass specially crafted data to an application that uses the affected version of the library, trigger memory corruption and execute arbitrary code on the system.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Release of invalid pointer or reference

EUVDB-ID: #VU54308

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3592

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the bootp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Release of invalid pointer or reference

EUVDB-ID: #VU54310

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3594

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the udp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU85734

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3019

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the e1000e_write_packet_to_guest() function in the e1000e NIC emulation code in QEMU. A local user can trigger DMA reentrancy and crash the QEMU process on the host.

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Operation on a Resource after Expiration or Release

EUVDB-ID: #VU94528

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-4693

CWE-ID: CWE-672 - Operation on a Resource after Expiration or Release

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper release and use of the irqfd for vector 0 during the boot process in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). A malicious guest can crash the QEMU host process via vhost_net_stop().

Mitigation

Update the affected package qemu to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 24.10

qemu-system-x86-microvm (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-xen (Ubuntu package): before 1:8.2.2+ds-0ubuntu1.4

qemu-system-x86-xen (Ubuntu package): before 1:4.2-3ubuntu6.30

qemu-system-x86 (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-sparc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-s390x (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-ppc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-misc (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-mips (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-arm (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system (Ubuntu package): before Ubuntu Pro (Infra-only)

qemu-system-common (Ubuntu package): before Ubuntu Pro

qemu-system-aarch64 (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-7094-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
