Explore top 10 tips to secure your open-source projects now. Read More
×
USN-8412-1 introduced a regression in QEMU
Software Description:
- qemu: Machine emulator and virtualizer
Details:
USN-8412-1 fixed vulnerabilities in QEMU. On both Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS, the fix for CVE-2024-7409 was incomplete and resulted
in a regression that could cause qemu-nbd to crash when a client connected.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the
iSCSI block driver in QEMU incorrectly handled certain responses from an
iSCSI server. A remote attacker could possibly use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711)
It was discovered that the iSCSI block driver in QEMU incorrectly handled
certain memory operations, leading to a heap-based buffer over-read. An
attacker could possibly use this issue to ex...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
qemu-block-extra 1:4.2-3ubuntu6.30+esm2
Available with Ubuntu Pro
qemu-utils 1:4.2-3ubuntu6.30+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
qemu-block-extra 1:2.11+dfsg-1ubuntu7.42+esm6
Available with Ubuntu Pro
qemu-utils 1:2.11+dfsg-1ubuntu7.42+esm6
Available with Ubuntu Pro
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.https://ubuntu.com/security/notices/USN-8412-2
https://ubuntu.com/security/notices/USN-8412-1
CVE-2024-7409
Get the latest Linux and open source security news straight to your inbox.