Package "qemu-system-x86"
| Name: |
qemu-system-x86
|
Description: |
QEMU full system emulation binaries (x86)
|
| Latest version: |
1:6.2+dfsg-2ubuntu6.24 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
qemu |
| Homepage: |
http://www.qemu.org/ |
Links
Download "qemu-system-x86"
Other versions of "qemu-system-x86" in Jammy
Changelog
|
qemu (1:6.2+dfsg-2ubuntu6.6) jammy-security; urgency=medium
* SECURITY UPDATE: DMA reentrancy issue
- debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
field and MEMTX_ACCESS_ERROR
- CVE-2021-3750
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
lsi_do_msgout
- CVE-2022-0216
* SECURITY UPDATE: integer underflow vulnerability
- debian/patches/CVE-2022-3165.patch: fix integer underflow in
vnc_client_cut_text_ext
- CVE-2022-3165
-- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:47:27 +0530
|
| Source diff to previous version |
| CVE-2021-3750 |
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO regi |
| CVE-2022-0216 |
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated message |
| CVE-2022-3165 |
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could |
|
|
qemu (1:6.2+dfsg-2ubuntu6.2) jammy-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: use-after-free in nvme
- debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
device itself in hw/nvme/ctrl.c.
- CVE-2021-3929
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: potential privilege escalation in virtiofsd
- debian/patches/CVE-2022-0358.patch: Drop membership of all
supplementary groups in tools/virtiofsd/passthrough_ll.c.
- CVE-2022-0358
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock-common.c.
- CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:22:05 -0400
|
| CVE-2021-3507 |
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block |
| CVE-2021-3929 |
nvme: DMA reentrancy issue leads to use-after-free |
| CVE-2021-4206 |
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal |
| CVE-2021-4207 |
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he |
| CVE-2022-26353 |
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c |
| CVE-2022-26354 |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor |
|
About
-
Send Feedback to @ubuntu_updates
