QEMU full system emulation binaries (mips)
Other versions of "qemu-system-mips" in Hirsute
qemu (1:5.2+dfsg-9ubuntu3.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
    - debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
    - debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
    - debian/patches/CVE-2020-15469-3.patch: add quirk device write method
    - debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
    - debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
      method in hw/nvram/nrf51_nvm.c.
    - debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
    - debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
    - debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
  * SECURITY UPDATE: out of bounds read in ide_atapi_cmd_reply_end
    - debian/patches/CVE-2020-29443-2.patch: check logical block address
      and read size in hw/ide/atapi.c.
  * SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
    - debian/patches/CVE-2020-35504.patch: always check current_req is not
      NULL before use in DMA callbacks in hw/scsi/esp.c.
  * SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
    - debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
      current_dev is non-NULL in hw/scsi/esp.c.
  * SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
    - debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
      field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
  * SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
    - debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
      command time out in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
      register when transfer is in progress in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-3.patch: correctly set the controller
      status for ADMA in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-4.patch: limit block size only when
      SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
      s->fifo_buffer when a different block size is programmed in
  * SECURITY UPDATE: DoS in USB redirector device
    - debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
    - debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
  * SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
    - debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
    - debian/patches/CVE-2021-3544-2.patch: fix resource leak in
    - debian/patches/CVE-2021-3544-3.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-4.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-5.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-6.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-7.patch: fix OOB write in
    - debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
  * SECURITY UPDATE: mremap overflow in the pvrdma device
    - debian/patches/CVE-2021-3582.patch: check lengths in
  * SECURITY UPDATE: integer overflow in pvrdma device
    - debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
  * SECURITY UPDATE: uninitialized memory unmap in pvrdma device
    - debian/patches/CVE-2021-3608.patch: fix the ring init error flow in

 -- Marc Deslauriers <email address hidden>  Thu, 08 Jul 2021 09:51:29 -0400

- In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
- ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
- A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to
- A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while h
- A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas
- The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues pr
- A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce th
- Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contr
- An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. T
- A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to c
- hw/rdma: Fix possible mremap overflow in the pvrdma device
- pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()
- pvrdma: uninitialized memory unmap in pvrdma_ring_init()