Packages
- qemu - Machine emulator and virtualizer
Details
It was discovered that QEMU incorrectly handled certain virtio devices. A
privileged guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3446)
It was discovered that QEMU incorrectly handled SDHCI device emulation. A
guest attacker could possibly use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-3447)
It was discovered that QEMU incorrectly handled calculating the checksum
of a short-sized fragmented packet. A guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 24.04 LTS. (CVE-2024-3567)
It was discovered that the QEMU qemu-img utility incorrectly handled
certain crafted image files. An attacker could use this issue to cause QEMU
to consume resources, leading to a denial of service, or possibly read and
write to an existing external file. This issue only affected Ubuntu 22.04
LTS and Ubuntu 24.04 LTS. (CVE-2024-4467)
It was discovered that QEMU incorrectly handled the RSS feature on
virtio-net devices. A privileged guest attacker could possibly use this
issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-6505)
It was discovered that QEMU incorrectly handled the NBD server. An attacker
could use this issue to cause QEMU to consume resources, leading to a
denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2024-7409)
It was discovered that QEMU incorrectly handled certain USB devices. A
guest attacker could possibly use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-8354)
It was discovered that the QEMU package incorrectly set up a binfmt_misc
registration with the C (Credential) flag. A local attacker could use this
with a suid/sgid binary to escalate privileges. This update will no longer
run foreign-architecture binaries with suid/sgid with elevated privileges.
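A check for the binfmt_misc issue above, as an added example that is not part of the original notice: with the C flag the kernel takes the new process's credentials from the binary rather than from the interpreter, so this function lists enabled registrations whose flags include C. The function names, the sample entry names and the interpreter paths are assumptions, and the sample directory is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag binfmt_misc registrations that carry the C (credentials) flag.

# Print "name<TAB>interpreter<TAB>flags" for each enabled registration with C set.
# $1: directory to scan (defaults to the live binfmt_misc mount).
binfmt_c_entries() {
    dir="${1:-/proc/sys/fs/binfmt_misc}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # "register" and "status" are kernel control files, not registrations.
        case "$name" in register|status) continue ;; esac
        # The first line of an entry file is "enabled" or "disabled".
        [ "$(sed -n '1p' "$f")" = "enabled" ] || continue
        interp=$(sed -n 's/^interpreter //p' "$f")
        flags=$(sed -n 's/^flags: *//p' "$f")
        case "$flags" in
            *C*) printf '%s\t%s\t%s\n' "$name" "$interp" "$flags" ;;
        esac
    done
}

# Build a constructed sample directory that mimics the entry file layout.
# Entry names, interpreter paths and magic values are made up for the demo.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'enabled\ninterpreter /usr/bin/qemu-aarch64-static\nflags: POCF\noffset 0\nmagic 7f454c46\n' > "$d/qemu-aarch64"
    printf 'enabled\ninterpreter /usr/bin/qemu-arm-static\nflags: POF\noffset 0\nmagic 7f454c46\n' > "$d/qemu-arm"
    printf 'disabled\ninterpreter /usr/bin/qemu-riscv64-static\nflags: OCF\noffset 0\nmagic 7f454c46\n' > "$d/qemu-riscv64"
    printf 'enabled\n' > "$d/status"   # control file, must be skipped
    : > "$d/register"                  # control file, must be skipped
    printf '%s\n' "$d"
}

sample=$(make_sample)
binfmt_c_entries "$sample"    # on a real host: binfmt_c_entries (no argument)
rm -rf "$sample"
```

On the constructed sample only qemu-aarch64 is reported; the entry without C, the disabled entry and the two control files are skipped.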
Update instructions
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
Learn more about how to get the fixes.
The problem can be corrected by updating your system to the following package versions: