QEMU full system emulation binaries (mips)
Other versions of "qemu-system-mips" in Focal
qemu (1:4.2-3ubuntu6.17) focal-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
- debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
- debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
- debian/patches/CVE-2020-15469-3.patch: add quirk device write method
- debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
- debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
method in hw/nvram/nrf51_nvm.c.
- debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
- debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
- debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
* SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
- debian/patches/CVE-2020-35504.patch: always check current_req is not
NULL before use in DMA callbacks in hw/scsi/esp.c.
* SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
- debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
current_dev is non-NULL in hw/scsi/esp.c.
* SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
- debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
* SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
- debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
command time out in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
register when transfer is in progress in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-3.patch: correctly set the controller
status for ADMA in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-4.patch: limit block size only when
SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
s->fifo_buffer when a different block size is programmed in
* SECURITY UPDATE: stack overflow via infinite loop issue in various NIC
- debian/patches/CVE-2021-3416-1.patch: introduce qemu_receive_packet()
in include/net/net.h, include/net/queue.h, net/net.c, net/queue.c.
- debian/patches/CVE-2021-3416-2.patch: switch to use
qemu_receive_packet() for loopback in hw/net/e1000.c.
- debian/patches/CVE-2021-3416-3.patch: switch to use
qemu_receive_packet() for loopback packet in hw/net/dp8393x.c.
- debian/patches/CVE-2021-3416-5.patch: switch to use
qemu_receive_packet() for loopback in hw/net/sungem.c.
- debian/patches/CVE-2021-3416-6.patch: switch to use
qemu_receive_packet_iov() for loopback in hw/net/net_tx_pkt.c.
- debian/patches/CVE-2021-3416-7.patch: switch to use
qemu_receive_packet() for loopback in hw/net/rtl8139.c.
- debian/patches/CVE-2021-3416-8.patch: switch to use
qemu_receive_packet() for loopback in hw/net/pcnet.c.
- debian/patches/CVE-2021-3416-9.patch: switch to use
qemu_receive_packet() for loopback in hw/net/cadence_gem.c.
- debian/patches/CVE-2021-3416-10.patch: switch to use
qemu_receive_packet() for loopback in hw/net/lan9118.c.
* SECURITY UPDATE: DoS in USB redirector device
- debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
- debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
* SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
- debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
- debian/patches/CVE-2021-3544-2.patch: fix resource leak in
- debian/patches/CVE-2021-3544-3.patch: fix memory leak in
- debian/patches/CVE-2021-3544-4.patch: fix memory leak in
- debian/patches/CVE-2021-3544-5.patch: fix memory leak in
- debian/patches/CVE-2021-3544-6.patch: fix memory leak in
- debian/patches/CVE-2021-3544-7.patch: fix OOB write in
- debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
* SECURITY UPDATE: mremap overflow in the pvrdma device
- debian/patches/CVE-2021-3582.patch: check lengths in
* SECURITY UPDATE: integer overflow in pvrdma device
- debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
* SECURITY UPDATE: uninitialized memory unmap in pvrdma device
- debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
* SECURITY UPDATE: out-of-bounds access issue in ARM Generic Interrupt
- debian/patches/CVE-2021-20221.patch: fix interrupt ID in GICD_SGIR
register in hw/intc/arm_gic.c.
* SECURITY UPDATE: infinite loop while processing transmit descriptors
- debian/patches/CVE-2021-20257.patch: fail early for evil descriptor
-- Marc Deslauriers <email address hidden> Mon, 12 Jul 2021 11:03:37 -040
|Source diff to previous version|
||In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
||A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to
||A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while h
||A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas
||The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues pr
||A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs
||A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce th
||Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contr
||An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. T
||A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to c
||hw/rdma: Fix possible mremap overflow in the pvrdma device
||pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()
||pvrdma: uninitialized memory unmap in pvrdma_ring_init()
||An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64
||net: e1000: infinite loop while processing transmit descriptors
qemu (1:4.2-3ubuntu6.16) focal; urgency=medium
* d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
* d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
-- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200
|Source diff to previous version|
||Add missing cpu feature bits in EPYC-Rome model
||Add EPYC-Milan model
qemu (1:4.2-3ubuntu6.15) focal; urgency=medium
* d/p/u/lp-1921468-*: fix issues handling boot menu index on s390x
d/rules: Backport --with-git-submodules param so building from git repo
doesn't fail (LP: #1887535)
* Fix byte aligned writes when writing to image stored on NFS
server, as they aren't required to be 4kib aligned. (LP: #1921665)
-- Christian Ehrhardt <email address hidden> Fri, 26 Mar 2021 10:38:47 +0100
|Source diff to previous version|
||[UBUNTU 20.04] KVM guest fails to find zipl boot menu index
||build operates differently if source is a git repo
||QEMU hits assertion when virtual disk is stored on NFS server and is not 4 kib byte aligned
qemu (1:4.2-3ubuntu6.14) focal-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions caused by CVE-2020-13754
security update (LP: #1914883)
- debian/patches/ubuntu/CVE-2020-13754-3.patch: log invalid memory
accesses in memory.c.
- debian/patches/ubuntu/CVE-2020-13754-4.patch: allow 16-bit writes to
memory region in hw/riscv/sifive_test.c.
- debian/patches/ubuntu/CVE-2020-13754-5.patch: allow 64-bit accesses
- debian/patches/ubuntu/CVE-2020-13754-6.patch: allow less than 32-bit
accesses in hw/char/bcm2835_aux.c.
- debian/patches/ubuntu/CVE-2020-13754-9.patch: fix
valid.max_access_size to access address registers in
-- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 08:17:08 -0500
|Source diff to previous version|
||hart0: trap handler failed (error -2) (Needs cherry-pick ab3d207f)
||hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
qemu (1:4.2-3ubuntu6.12) focal-security; urgency=medium
* SECURITY UPDATE: heap overread in iscsi_aio_ioctl_cb
- debian/patches/ubuntu/CVE-2020-11947.patch: fix heap-buffer-overflow
* SECURITY UPDATE: use-after-free in e1000e
- debian/patches/ubuntu/CVE-2020-15859.patch: forbid the reentrant RX
* SECURITY UPDATE: OOB write to MSI-X table
- debian/patches/ubuntu/CVE-2020-27821.patch: clamp cached translation
in case it points to an MMIO region in exec.c.
* SECURITY UPDATE: infinite loop in e1000e
- debian/patches/ubuntu/CVE-2020-28916.patch: advance desc_offset in
case of null descriptor in hw/net/e1000e_core.c.
* SECURITY UPDATE: out of bounds read in atapi
- debian/patches/ubuntu/CVE-2020-29443-1.patch: assert that the buffer
pointer is in range in hw/ide/atapi.c.
- debian/patches/ubuntu/CVE-2020-29443-2.patch: check logical block
address and read size in hw/ide/atapi.c.
* SECURITY UPDATE: use after free in 9p
- debian/patches/ubuntu/CVE-2021-20181.patch: fully restart unreclaim
loop in hw/9pfs/9p.c.
-- Marc Deslauriers <email address hidden> Wed, 03 Feb 2021 10:56:08 -0500
||iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an
||QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000
||A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds w
||hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
||ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
||9pfs: Fully restart unreclaim loop
Send Feedback to @ubuntu_updates