USN-6567-1 introduced a regression in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too
restrictive and introduced a behaviour change leading to a regression in
certain environments. This update fixes the problem.
Original advisory details:
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)
It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code and esclate
privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)
It was discovered that QEMU in...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS qemu-system 1:6.2+dfsg-2ubuntu6.21 qemu-system-arm 1:6.2+dfsg-2ubuntu6.21 qemu-system-mips 1:6.2+dfsg-2ubuntu6.21 qemu-system-misc 1:6.2+dfsg-2ubuntu6.21 qemu-system-ppc 1:6.2+dfsg-2ubuntu6.21 qemu-system-s390x 1:6.2+dfsg-2ubuntu6.21 qemu-system-sparc 1:6.2+dfsg-2ubuntu6.21 qemu-system-x86 1:6.2+dfsg-2ubuntu6.21 qemu-system-x86-microvm 1:6.2+dfsg-2ubuntu6.21 qemu-system-x86-xen 1:6.2+dfsg-2ubuntu6.21 Ubuntu 20.04 LTS qemu-system 1:4.2-3ubuntu6.29 qemu-system-arm 1:4.2-3ubuntu6.29 qemu-system-mips 1:4.2-3ubuntu6.29 qemu-system-misc 1:4.2-3ubuntu6.29 qemu-system-ppc 1:4.2-3ubuntu6.29 qemu-system-s390x 1:4.2-3ubuntu6.29 qemu-system-sparc 1:4.2-3ubuntu6.29 qemu-system-x86 1:4.2-3ubuntu6.29 qemu-system-x86-microvm 1:4.2-3ubuntu6.29 qemu-system-x86-xen 1:4.2-3ubuntu6.29 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
https://ubuntu.com/security/notices/USN-6567-2
https://ubuntu.com/security/notices/USN-6567-1
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2065579
Get the latest Linux and open source security news straight to your inbox.