Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Ubuntu 22.04 LTS: 5489-1 Critical QEMU DoS Issues Addressed

ubuntu
Calendar Grey June 21, 2022
Dist Ubuntu Esm H88
Multiple significant vulnerabilities addressed in QEMU impacting Ubuntu versions 20.04, 21.10, and 22.04 LTS. Urgent updates mandatory.
Several security issues were fixed in QEMU.

Summary

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

Alexander Bulekov discovered that QEMU incorrectly handled floppy disk

emulation. A privileged attacker inside the guest could use this issue to

cause QEMU to crash, resulting in a denial of service, or possibly leak

sensitive information. (CVE-2021-3507)

It was discovered that QEMU incorrectly handled NVME controller emulation.

An attacker inside the guest could use this issue to cause QEMU to crash,

resulting in a denial of service, or possibly execute arbitrary code. This

issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)

It was discovered that QEMU incorrectly handled QXL display device

emulation. A privileged attacker inside the guest could use this issue to

cause QEMU to crash, resulting in a denial of service, or possibly execute

arbitrary code. (CVE-2021-4206, CVE-2021-4207)

Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang disc...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  qemu-system                     1:6.2+dfsg-2ubuntu6.2
  qemu-system-arm                 1:6.2+dfsg-2ubuntu6.2
  qemu-system-mips                1:6.2+dfsg-2ubuntu6.2
  qemu-system-misc                1:6.2+dfsg-2ubuntu6.2
  qemu-system-ppc                 1:6.2+dfsg-2ubuntu6.2
  qemu-system-s390x               1:6.2+dfsg-2ubuntu6.2
  qemu-system-sparc               1:6.2+dfsg-2ubuntu6.2
  qemu-system-x86                 1:6.2+dfsg-2ubuntu6.2
  qemu-system-x86-microvm         1:6.2+dfsg-2ubuntu6.2
  qemu-system-x86-xen             1:6.2+dfsg-2ubuntu6.2

Ubuntu 21.10:
  qemu-system                     1:6.0+dfsg-2expubuntu1.3
  qemu-system-arm                 1:6.0+dfsg-2expubuntu1.3
  qemu-system-mips                1:6.0+dfsg-2expubuntu1.3
  qemu-system-misc                1:6.0+dfsg-2expubuntu1.3
  qemu-system-ppc                 1:6.0+dfsg-2expubuntu1.3
  qemu-system-s390x               1:6.0+dfsg-2expubuntu1.3
  qemu-system-sparc               1:6.0+dfsg-2expubuntu1.3
  qemu-system-x86                 1:6.0+dfsg-2expubuntu1.3
  qemu-system-x86-microvm         1:6.0+dfsg-2expubuntu1.3
  qemu-system-x86-xen             1:6.0+dfsg-2expubuntu1.3

Ubuntu 20.04 LTS:
  qemu-system                     1:4.2-3ubuntu6.23
  qemu-system-arm                 1:4.2-3ubuntu6.23
  qemu-system-mips                1:4.2-3ubuntu6.23
  qemu-system-misc                1:4.2-3ubuntu6.23
  qemu-system-ppc                 1:4.2-3ubuntu6.23
  qemu-system-s390x               1:4.2-3ubuntu6.23
  qemu-system-sparc               1:4.2-3ubuntu6.23
  qemu-system-x86                 1:4.2-3ubuntu6.23
  qemu-system-x86-microvm         1:4.2-3ubuntu6.23
  qemu-system-x86-xen             1:4.2-3ubuntu6.23

Ubuntu 18.04 LTS:
  qemu-system                     1:2.11+dfsg-1ubuntu7.40
  qemu-system-arm                 1:2.11+dfsg-1ubuntu7.40
  qemu-system-mips                1:2.11+dfsg-1ubuntu7.40
  qemu-system-misc                1:2.11+dfsg-1ubuntu7.40
  qemu-system-ppc                 1:2.11+dfsg-1ubuntu7.40
  qemu-system-s390x               1:2.11+dfsg-1ubuntu7.40
  qemu-system-sparc               1:2.11+dfsg-1ubuntu7.40
  qemu-system-x86                 1:2.11+dfsg-1ubuntu7.40

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5489-1

CVE-2021-3507, CVE-2021-3929, CVE-2021-4206, CVE-2021-4207,

CVE-2022-0358, CVE-2022-26353, CVE-2022-26354

Severity
critical
Lowest
Low
Medium
High
Critical

June 21, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.