UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • supplemental block backend modules for qemu-system and qemu-utils
  • Guest-side qemu-system agent
  • QEMU full system emulation binaries (x86)
  • QEMU full system emulation (Xen helper package)
Latest version: 1:10.1.0+ds-5ubuntu2.6
Release: questing (25.10)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "qemu" in Questing

Repository Area Version
base main 1:10.1.0+ds-5ubuntu2
base universe 1:10.1.0+ds-5ubuntu2
security main 1:10.1.0+ds-5ubuntu2.6
updates main 1:10.1.0+ds-5ubuntu2.6
updates universe 1:10.1.0+ds-5ubuntu2.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:10.1.0+ds-5ubuntu2.6 2026-04-09 20:13:24 UTC

  qemu (1:10.1.0+ds-5ubuntu2.6) questing-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2024-6519.patch: keep a reference to the device while
      SCRIPTS in hw/scsi/lsi53c895a.c.
    - CVE-2024-6519
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent()
      in block/vmdk.c.
    - CVE-2026-2243
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2026-3195-1.patch: fix max_size bounds check in input
      cb in hw/audio/virtio-snd.c.
    - debian/patches/CVE-2026-3195-2.patch: tighten read amount in in_cb in
      hw/audio/virtio-snd.c.
    - CVE-2026-3195
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2026-3196.patch: handle 5.14.6.2 for PCM_INFO properly
      in hw/audio/virtio-snd.c.
    - CVE-2026-3196
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2026-3842.patch: check length returned by
      cpu_physical_memory_map() in hw/hyperv/syndbg.c.
    - CVE-2026-3842

 -- Fabian Toepfer <email address hidden> Wed, 01 Apr 2026 18:16:15 +0200
Source diff to previous version
CVE-2024-6519 A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243 A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

Version: 1:10.1.0+ds-5ubuntu2.4 2026-03-04 20:08:22 UTC

  qemu (1:10.1.0+ds-5ubuntu2.4) questing-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2024-8354.patch: don't assert for SETUP to non-0
      endpoint in hw/usb/hcd-uhci.
    - CVE-2024-8354
  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2025-11234-1.patch: release active GSource in TLS
      channel finalizer in io/channel-tls.c.
    - debian/patches/CVE-2025-11234-2.patch: move websock resource release to
      close method in io/channel-websock.c.
    - debian/patches/CVE-2025-11234-3.patch: fix use after free in websocket
      handshake code in io/channel-websock.c.
    - CVE-2025-11234
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2025-12464.patch: pad packets to minimum length in
      qemu_receive_packet() in net/net.c.
    - CVE-2025-12464
  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2025-14876-1.patch: verify asym request size in
      hw/virtio/virtio-crypto.c.
    - debian/patches/CVE-2025-14876-2.patch: Limit the maximum size in
      backends/cryptodev-builtin.c.
    - CVE-2025-14876
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2026-0665.patch: fix PIRQ bounds check in
      xen_physdev_map_pirq() in hw/i386/kvm/xen_evtchn.c.
    - CVE-2026-0665

 -- Fabian Toepfer <email address hidden> Tue, 03 Mar 2026 15:17:44 +0100
CVE-2024-8354 A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a U
CVE-2025-11234 A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to
CVE-2025-12464 A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devic
CVE-2025-14876 A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, lea
CVE-2026-0665 An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QE


About   -   Send Feedback to @ubuntu_updates