Ubuntu QEMU Medium Regression Denial of Service Fix USN-8412-3
ubuntu
June 29, 2026
USN-8412-1 introduced a regression in QEMU
Summary
USN-8412-1 introduced a regression in QEMU
Software Description:
- qemu: Machine emulator and virtualizer
Details:
USN-8412-1 fixed vulnerabilities QEMU. On Ubuntu 20.04 LTS, the fix for
CVE-2024-4467 was incomplete and prevented the creation of boot volumes
from qcow2 images. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the
iSCSI block driver in QEMU incorrectly handled certain responses from an
iSCSI server. A remote attacker could possibly use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711)
It was discovered that the iSCSI block driver in QEMU incorrectly handled
certain memory operations, leading to a heap-based buffer over-read. An
attacker could possibly use this issue to expose sensitive information
from the host. This issue on...
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
qemu 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-block-extra 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-guest-agent 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-kvm 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-arm 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-common 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-data 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-gui 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-mips 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-misc 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-ppc 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-s390x 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-sparc 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-x86 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-x86-microvm 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-x86-xen 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-user 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-user-binfmt 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-user-static 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-utils 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.References
https://ubuntu.com/security/notices/USN-8412-3
https://ubuntu.com/security/notices/USN-8412-2
https://ubuntu.com/security/notices/USN-8412-1
https://launchpad.net/bugs/2158180
PREVIOUS
NEXT
Severity
medium
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8412-3
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!