USN-4467-1: QEMU vulnerabilities

Packages

qemu - Machine emulator and virtualizer

Details

Ziming Zhang and VictorV discovered that the QEMU SLiRP networking
implementation incorrectly handled replying to certain ICMP echo requests.
An attacker inside a guest could possibly use this issue to leak host
memory to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS. (CVE-2020-10756)

Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation
incorrectly handled certain requests. A remote attacker could possibly use
this issue to cause QEMU to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761)

Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly
handled certain operations. An attacker inside a guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (

Ziming Zhang and VictorV discovered that the QEMU SLiRP networking
implementation incorrectly handled replying to certain ICMP echo requests.
An attacker inside a guest could possibly use this issue to leak host
memory to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS. (CVE-2020-10756)

Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation
incorrectly handled certain requests. A remote attacker could possibly use
this issue to cause QEMU to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761)

Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly
handled certain operations. An attacker inside a guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2020-12829)

It was discovered that the QEMU SD memory card implementation incorrectly
handled certain memory operations. An attacker inside a guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2020-13253)

Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver
incorrectly handled certain invalid frame counts. An attacker inside a
guest could possibly use this issue to cause QEMU to crash, resulting in a
denial of service. (CVE-2020-13361)

Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver
incorrectly handled certain memory operations. An attacker inside a guest
could possibly use this issue to cause QEMU to crash, resulting in a denial
of service. (CVE-2020-13362)

Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly
handled certain memory space operations. An attacker inside a guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2020-13659)

Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko
discovered that the QEMU incorrectly handled certain msi-x mmio operations.
An attacker inside a guest could possibly use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2020-13754)

It was discovered that QEMU incorrectly handled certain memory copy
operations when loading ROM contents. If a user were tricked into running
an untrusted kernel image, a remote attacker could possibly use this issue
to run arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2020-13765)

Ren Ding, Hanqing Zhao, and Yi Ren discovered that the QEMU ATI video
driver incorrectly handled certain index values. An attacker inside a guest
could possibly use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-13800)

Ziming Zhang discovered that the QEMU OSS audio driver incorrectly handled
certain operations. An attacker inside a guest could possibly use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 20.04 LTS. (CVE-2020-14415)

Ziming Zhang discovered that the QEMU XGMAC Ethernet controller incorrectly
handled packet transmission. An attacker inside a guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2020-15863)

Ziming Zhang discovered that the QEMU e1000e Ethernet controller
incorrectly handled packet processing. An attacker inside a guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-16092)

Update instructions

After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
20.04 focal	qemu – 1:4.2-3ubuntu6.4
	qemu-system – 1:4.2-3ubuntu6.4
	qemu-system-arm – 1:4.2-3ubuntu6.4
	qemu-system-mips – 1:4.2-3ubuntu6.4
	qemu-system-ppc – 1:4.2-3ubuntu6.4
	qemu-system-s390x – 1:4.2-3ubuntu6.4
	qemu-system-sparc – 1:4.2-3ubuntu6.4
	qemu-system-x86 – 1:4.2-3ubuntu6.4
	qemu-system-x86-microvm – 1:4.2-3ubuntu6.4
	qemu-system-x86-xen – 1:4.2-3ubuntu6.4
18.04 bionic	qemu – 1:2.11+dfsg-1ubuntu7.31
	qemu-system – 1:2.11+dfsg-1ubuntu7.31
	qemu-system-mips – 1:2.11+dfsg-1ubuntu7.31
	qemu-system-ppc – 1:2.11+dfsg-1ubuntu7.31
	qemu-system-s390x – 1:2.11+dfsg-1ubuntu7.31
	qemu-system-sparc – 1:2.11+dfsg-1ubuntu7.31
	qemu-system-x86 – 1:2.11+dfsg-1ubuntu7.31
16.04 xenial	qemu – 1:2.5+dfsg-5ubuntu10.45
	qemu-system – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-aarch64 – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-arm – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-mips – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-ppc – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-s390x – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-sparc – 1:2.5+dfsg-5ubuntu10.45
	qemu-system-x86 – 1:2.5+dfsg-5ubuntu10.45

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices