Ubuntu 25.10 QEMU High Denial of Service Vulnerabilities USN-8087-1
ubuntu
March 4, 2026
Several security issues were fixed in QEMU.
Summary
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
It was discovered that the UHCI controller implementation of QEMU could be
brought into an invalid state. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2024-8354)
It was discovered that QEMU incorrectly handled memory during certain VNC
operations. An remote attacker could possibly use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-11234)
It was discovered that the e1000 network device implementation of QEMU
could be made to write out of bounds. An attacker inside the guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-12464)
It was discovered that the virtio-crypto device im...
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 qemu-system 1:10.1.0+ds-5ubuntu2.4 qemu-system-arm 1:10.1.0+ds-5ubuntu2.4 qemu-system-common 1:10.1.0+ds-5ubuntu2.4 qemu-system-data 1:10.1.0+ds-5ubuntu2.4 qemu-system-gui 1:10.1.0+ds-5ubuntu2.4 qemu-system-mips 1:10.1.0+ds-5ubuntu2.4 qemu-system-misc 1:10.1.0+ds-5ubuntu2.4 qemu-system-modules-opengl 1:10.1.0+ds-5ubuntu2.4 qemu-system-modules-spice 1:10.1.0+ds-5ubuntu2.4 qemu-system-ppc 1:10.1.0+ds-5ubuntu2.4 qemu-system-riscv 1:10.1.0+ds-5ubuntu2.4 qemu-system-s390x 1:10.1.0+ds-5ubuntu2.4 qemu-system-sparc 1:10.1.0+ds-5ubuntu2.4 qemu-system-x86 1:10.1.0+ds-5ubuntu2.4 qemu-system-x86-xen 1:10.1.0+ds-5ubuntu2.4 qemu-system-xen 1:10.1.0+ds-5ubuntu2.4 Ubuntu 24.04 LTS qemu-system 1:8.2.2+ds-0ubuntu1.13 qemu-system-arm 1:8.2.2+ds-0ubuntu1.13 qemu-system-common 1:8.2.2+ds-0ubuntu1.13 qemu-system-data 1:8.2.2+ds-0ubuntu1.13 qemu-system-gui 1:8.2.2+ds-0ubuntu1.13 qemu-system-mips 1:8.2.2+ds-0ubuntu1.13 qemu-system-misc 1:8.2.2+ds-0ubuntu1.13 qemu-system-modules-opengl 1:8.2.2+ds-0ubuntu1.13 qemu-system-modules-spice 1:8.2.2+ds-0ubuntu1.13 qemu-system-ppc 1:8.2.2+ds-0ubuntu1.13 qemu-system-s390x 1:8.2.2+ds-0ubuntu1.13 qemu-system-sparc 1:8.2.2+ds-0ubuntu1.13 qemu-system-x86 1:8.2.2+ds-0ubuntu1.13 qemu-system-x86-xen 1:8.2.2+ds-0ubuntu1.13 qemu-system-xen 1:8.2.2+ds-0ubuntu1.13 Ubuntu 22.04 LTS qemu 1:6.2+dfsg-2ubuntu6.28 qemu-system 1:6.2+dfsg-2ubuntu6.28 qemu-system-arm 1:6.2+dfsg-2ubuntu6.28 qemu-system-common 1:6.2+dfsg-2ubuntu6.28 qemu-system-data 1:6.2+dfsg-2ubuntu6.28 qemu-system-gui 1:6.2+dfsg-2ubuntu6.28 qemu-system-mips 1:6.2+dfsg-2ubuntu6.28 qemu-system-misc 1:6.2+dfsg-2ubuntu6.28 qemu-system-ppc 1:6.2+dfsg-2ubuntu6.28 qemu-system-s390x 1:6.2+dfsg-2ubuntu6.28 qemu-system-sparc 1:6.2+dfsg-2ubuntu6.28 qemu-system-x86 1:6.2+dfsg-2ubuntu6.28 qemu-system-x86-microvm 1:6.2+dfsg-2ubuntu6.28 qemu-system-x86-xen 1:6.2+dfsg-2ubuntu6.28 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8073-1
CVE-2024-8354, CVE-2025-11234, CVE-2025-12464, CVE-2025-14876,
CVE-2026-0665
PREVIOUS
NEXT
Severity
medium
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8073-1
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!