Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 23.10: 6567-1 Critical Denial of Service in QEMU

ubuntu
Calendar Grey January 8, 2024
Dist Ubuntu Esm H88
Latest QEMU patches address security flaws across multiple Ubuntu versions, improving user safety and system reliability.
Several security issues were fixed in QEMU.

Summary

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the

USB xHCI controller device. A privileged guest attacker could possibly use

this issue to cause QEMU to crash, leading to a denial of service. This

issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)

It was discovered that QEMU incorrectly handled the TCG Accelerator. A

local attacker could use this issue to cause QEMU to crash, leading to a

denial of service, or possibly execute arbitrary code and esclate

privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)

It was discovered that QEMU incorrectly handled the Intel HD audio device.

A malicious guest attacker could use this issue to cause QEMU to crash,

leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

(CVE-2021-3611)

It was discovered that QEMU incorrec...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   qemu-system                     1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-arm                 1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-mips                1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-misc                1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-ppc                 1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-s390x               1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-sparc               1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-x86                 1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-x86-xen             1:8.0.4+dfsg-1ubuntu3.23.10.2
   qemu-system-xen                 1:8.0.4+dfsg-1ubuntu3.23.10.2

Ubuntu 23.04:
   qemu-system                     1:7.2+dfsg-5ubuntu2.4
   qemu-system-arm                 1:7.2+dfsg-5ubuntu2.4
   qemu-system-mips                1:7.2+dfsg-5ubuntu2.4
   qemu-system-misc                1:7.2+dfsg-5ubuntu2.4
   qemu-system-ppc                 1:7.2+dfsg-5ubuntu2.4
   qemu-system-s390x               1:7.2+dfsg-5ubuntu2.4
   qemu-system-sparc               1:7.2+dfsg-5ubuntu2.4
   qemu-system-x86                 1:7.2+dfsg-5ubuntu2.4
   qemu-system-x86-xen             1:7.2+dfsg-5ubuntu2.4
   qemu-system-xen                 1:7.2+dfsg-5ubuntu2.4

Ubuntu 22.04 LTS:
   qemu                            1:6.2+dfsg-2ubuntu6.16
   qemu-system-arm                 1:6.2+dfsg-2ubuntu6.16
   qemu-system-mips                1:6.2+dfsg-2ubuntu6.16
   qemu-system-misc                1:6.2+dfsg-2ubuntu6.16
   qemu-system-ppc                 1:6.2+dfsg-2ubuntu6.16
   qemu-system-s390x               1:6.2+dfsg-2ubuntu6.16
   qemu-system-sparc               1:6.2+dfsg-2ubuntu6.16
   qemu-system-x86                 1:6.2+dfsg-2ubuntu6.16
   qemu-system-x86-microvm         1:6.2+dfsg-2ubuntu6.16
   qemu-system-x86-xen             1:6.2+dfsg-2ubuntu6.16

Ubuntu 20.04 LTS:
   qemu                            1:4.2-3ubuntu6.28
   qemu-system                     1:4.2-3ubuntu6.28
   qemu-system-arm                 1:4.2-3ubuntu6.28
   qemu-system-mips                1:4.2-3ubuntu6.28
   qemu-system-misc                1:4.2-3ubuntu6.28
   qemu-system-ppc                 1:4.2-3ubuntu6.28
   qemu-system-s390x               1:4.2-3ubuntu6.28
   qemu-system-sparc               1:4.2-3ubuntu6.28
   qemu-system-x86                 1:4.2-3ubuntu6.28
   qemu-system-x86-microvm         1:4.2-3ubuntu6.28
   qemu-system-x86-xen             1:4.2-3ubuntu6.28

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6567-1

CVE-2020-14394, CVE-2020-24165, CVE-2021-3611, CVE-2021-3638,

CVE-2023-1544, CVE-2023-2861, CVE-2023-3180, CVE-2023-3255,

CVE-2023-3301, CVE-2023-3354, CVE-2023-40360, CVE-2023-4135,

CVE-2023-42467, CVE-2023-5088

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6567-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here