[ubuntu/jammy-security] qemu 1:6.2+dfsg-2ubuntu6.27 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Sep 11 12:15:24 UTC 2025
qemu (1:6.2+dfsg-2ubuntu6.27) jammy-security; urgency=medium
* SECURITY UPDATE: double-free in QEMU virtio devices
- debian/patches/CVE-2024-3446-pre1.patch: add an optional reentrancy
guard to the BH API in docs/devel/multiple-iothreads.txt,
include/block/aio.h, include/qemu/main-loop.h,
tests/unit/ptimer-test-stubs.c, util/async.c, util/main-loop.c,
util/trace-events.
- debian/patches/CVE-2024-3446-pre2.patch: replace most qemu_bh_new
calls with qemu_bh_new_guarded.
- debian/patches/CVE-2024-3446-pre3.patch: introduce
virtio_bh_new_guarded() helper in hw/virtio/virtio.c,
include/hw/virtio/virtio.h.
- debian/patches/CVE-2024-3446-1.patch: protect from DMA re-entrancy
bugs in hw/virtio/virtio-crypto.c.
- debian/patches/CVE-2024-3446-2.patch: protect from DMA re-entrancy
bugs in hw/char/virtio-serial-bus.c.
- debian/patches/CVE-2024-3446-3.patch: protect from DMA re-entrancy
bugs in hw/display/virtio-gpu.c.
- CVE-2024-3446
* SECURITY UPDATE: heap overflow in SDHCI device emulation
- debian/patches/CVE-2024-3447.patch: do not update TRNMOD when Command
Inhibit (DAT) is set in hw/sd/sdhci.c.
- CVE-2024-3447
* SECURITY UPDATE: resource consumption in disk utility
- debian/patches/CVE-2024-4467-pre1.patch: do not reopen data_file in
invalidate_cache in block/qcow2.c.
- debian/patches/CVE-2024-4467-1.patch: don't open data_file with
BDRV_O_NO_IO in block/qcow2.c, tests/qemu-iotests/061*.
- debian/patches/CVE-2024-4467-2.patch: don't store data-file with
protocol in image in tests/qemu-iotests/244.
- debian/patches/CVE-2024-4467-3.patch: don't store data-file with
json: prefix in image in tests/qemu-iotests/270.
- debian/patches/CVE-2024-4467-4.patch: parse filenames only when
explicitly requested in block.c.
- CVE-2024-4467
* SECURITY UPDATE: heap overflow in virtio-net device RSS feature
- debian/patches/CVE-2024-6505.patch: ensure queue index fits with RSS
in hw/net/virtio-net.c.
- CVE-2024-6505
* SECURITY UPDATE: Dos via improper synchronization during socket closure
- debian/patches/CVE-2024-7409-1.patch: plumb in new args to
nbd_client_add() in blockdev-nbd.c, include/block/nbd.h,
nbd/server.c, qemu-nbd.c.
- debian/patches/CVE-2024-7409-2.patch: cap default max-connections to
100 in block/monitor/block-hmp-cmds.c, blockdev-nbd.c,
include/block/nbd.h, qapi/block-export.json.
- debian/patches/CVE-2024-7409-3.patch: close stray clients at
server-stop in blockdev-nbd.c.
- debian/patches/CVE-2024-7409-4.patch: drop non-negotiating clients in
nbd/server.c, nbd/trace-events.
- debian/patches/CVE-2024-7409-5.patch: avoid use-after-free when
closing server in blockdev-nbd.c.
- CVE-2024-7409
* SECURITY UPDATE: DoS via assert failure in usb_ep_get()
- debian/patches/CVE-2024-8354.patch: change ohci validation in
hw/usb/hcd-ohci.c, hw/usb/trace-events.
- CVE-2024-8354
* SECURITY UPDATE: possibly binfmt privilege escalation (LP: #2120814)
- debian/binfmt-install: stop using C (Credentials) flag for
binfmt_misc registration.
qemu (1:6.2+dfsg-2ubuntu6.26) jammy; urgency=medium
[ Christian Ehrhardt ]
* d/p/u/lp-2098896-hw-nvme-fix-narrowing-conversion.patch:
Fix nvme devices >= 1 TiB in size (LP: #2098896)
Thanks to Ryan Harper for the report, bisect and preparation!
* d/p/u/lp-2019967-*: Add Rome types with updated cache info (LP: #2019967)
qemu (1:6.2+dfsg-2ubuntu6.25) jammy; urgency=medium
* d/p/u/lp-2019968-add-missing-feature-bits-epyc-milan-*.patch: Add
missing feature bits to EPYC-Milan CPU model. (LP: #2019968)
[ Louis Bouchard ]
* d/p/monitor-only-run-coroutine-commands-in-qemu_aio_cont.patch:
Backport upstream fix for qmp timeouts.
Upstream commit effd60c878176bcaf97fa7ce2b12d04bb8ead6f7
(LP: #2091013)
Date: 2025-08-26 12:06:12.719346+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.27
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list