Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 546
Alerts This Week
Warning Icon 1 546

Ubuntu 20.04 18.04 QEMU Medium DoS Vulnerability Backslide USN-8412-2

ubuntu
Calendar Grey June 16, 2026
Scroller Ubuntu Esm H88
Ubuntu update USN-8412-2 resolves QEMU regression issues affecting multiple versions. Ensure no service disruption occurs.
USN-8412-1 introduced a regression in QEMU

Summary

USN-8412-1 introduced a regression in QEMU

Software Description:

- qemu: Machine emulator and virtualizer

Details:

USN-8412-1 fixed vulnerabilities in QEMU. On both Ubuntu 18.04 LTS and

Ubuntu 20.04 LTS, the fix for CVE-2024-7409 was incomplete and resulted

in a regression that could cause qemu-nbd to crash when a client connected.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the

iSCSI block driver in QEMU incorrectly handled certain responses from an

iSCSI server. A remote attacker could possibly use this issue to cause QEMU

to crash, resulting in a denial of service, or possibly execute arbitrary

code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711)

It was discovered that the iSCSI block driver in QEMU incorrectly handled

certain memory operations, leading to a heap-based buffer over-read. An

attacker could possibly use this issue to ex...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  qemu-block-extra                1:4.2-3ubuntu6.30+esm2
                                  Available with Ubuntu Pro
  qemu-utils                      1:4.2-3ubuntu6.30+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  qemu-block-extra                1:2.11+dfsg-1ubuntu7.42+esm6
                                  Available with Ubuntu Pro
  qemu-utils                      1:2.11+dfsg-1ubuntu7.42+esm6
                                  Available with Ubuntu Pro

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8412-2

https://ubuntu.com/security/notices/USN-8412-1

CVE-2024-7409

Severity
moderate
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8412-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.