Package "qemu-system-mips"

Name: qemu-system-mips


QEMU full system emulation binaries (mips)

Latest version: 1:5.2+dfsg-9ubuntu3.1
Release: hirsute (21.04)
Level: updates
Repository: main
Head package: qemu
Homepage: http://www.qemu.org/


Download "qemu-system-mips"

Other versions of "qemu-system-mips" in Hirsute

Repository Area Version
base main 1:5.2+dfsg-9ubuntu2
security main 1:5.2+dfsg-9ubuntu3.1


Version: 1:5.2+dfsg-9ubuntu3.1 2021-07-15 19:06:36 UTC

  qemu (1:5.2+dfsg-9ubuntu3.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
    - debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
    - debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
    - debian/patches/CVE-2020-15469-3.patch: add quirk device write method
      in hw/vfio/pci-quirks.c.
    - debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
    - debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
      method in hw/nvram/nrf51_nvm.c.
    - debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
    - debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
      in hw/misc/tz-ppc.c.
    - debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
      in hw/misc/imx7_ccm.c.
    - CVE-2020-15469
  * SECURITY UPDATE: out of bounds read in ide_atapi_cmd_reply_end
    - debian/patches/CVE-2020-29443-2.patch: check logical block address
      and read size in hw/ide/atapi.c.
    - CVE-2020-29443
  * SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
    - debian/patches/CVE-2020-35504.patch: always check current_req is not
      NULL before use in DMA callbacks in hw/scsi/esp.c.
    - CVE-2020-35504
  * SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
    - debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
      current_dev is non-NULL in hw/scsi/esp.c.
    - CVE-2020-35505
  * SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
    - debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
      field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
    - CVE-2021-3392
  * SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
    - debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
      command time out in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
      register when transfer is in progress in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-3.patch: correctly set the controller
      status for ADMA in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-4.patch: limit block size only when
      SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
    - debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
      s->fifo_buffer[] when a different block size is programmed in
    - CVE-2021-3409
  * SECURITY UPDATE: DoS in USB redirector device
    - debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
      in hw/usb/redirect.c.
    - debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
      in hw/usb/combined-packet.c.
    - CVE-2021-3527
  * SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
    - debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
    - debian/patches/CVE-2021-3544-2.patch: fix resource leak in
    - debian/patches/CVE-2021-3544-3.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-4.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-5.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-6.patch: fix memory leak in
    - debian/patches/CVE-2021-3544-7.patch: fix OOB write in
    - debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
      in contrib/vhost-user-gpu/vhost-user-gpu.c,
      contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
    - CVE-2021-3544
    - CVE-2021-3545
    - CVE-2021-3546
  * SECURITY UPDATE: mremap overflow in the pvrdma device
    - debian/patches/CVE-2021-3582.patch: check lengths in
    - CVE-2021-3582
  * SECURITY UPDATE: integer overflow in pvrdma device
    - debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
      in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2021-3607
  * SECURITY UPDATE: uninitialized memory unmap in pvrdma device
    - debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
    - CVE-2021-3608

 -- Marc Deslauriers <email address hidden> Thu, 08 Jul 2021 09:51:29 -0400

Source diff to previous version
CVE-2020-15469 In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-29443 ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-35504 A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to
CVE-2020-35505 A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while h
CVE-2021-3392 A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas
CVE-2021-3409 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues pr
CVE-2021-3527 A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce th
CVE-2021-3544 Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contr
CVE-2021-3545 An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. T
CVE-2021-3546 A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to c
CVE-2021-3582 hw/rdma: Fix possible mremap overflow in the pvrdma device
CVE-2021-3607 pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()
CVE-2021-3608 pvrdma: uninitialized memory unmap in pvrdma_ring_init()

Version: 1:5.2+dfsg-9ubuntu3 2021-04-23 08:06:27 UTC

  qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200

1921754 Add missing cpu feature bits in EPYC-Rome model
1921880 Add EPYC-Milan model

About   -   Send Feedback to @ubuntu_updates