- Vulnerability/
- USN-4467-1
USN-4467-1: QEMU vulnerabilities
First published: Wed Aug 19 2020(Updated: )
Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-10756) Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761) Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly handled certain operations. An attacker inside a guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12829) It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253) Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361) Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362) Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory space operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13659) Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754) It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-13765) Ren Ding, Hanqing Zhao, and Yi Ren discovered that the QEMU ATI video driver incorrectly handled certain index values. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-13800) Ziming Zhang discovered that the QEMU OSS audio driver incorrectly handled certain operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14415) Ziming Zhang discovered that the QEMU XGMAC Ethernet controller incorrectly handled packet transmission. An attacker inside a guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15863) Ziming Zhang discovered that the QEMU e1000e Ethernet controller incorrectly handled packet processing. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-16092)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/qemu | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-arm | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-mips | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-ppc | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-s390x | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-sparc | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-x86 | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-x86-microvm | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu-system-x86-xen | <1:4.2-3ubuntu6.4 | 1:4.2-3ubuntu6.4 |
| =20.04 | ||
| All of | ||
| ubuntu/qemu | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu-system | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu-system-mips | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu-system-ppc | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu-system-s390x | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu-system-sparc | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu-system-x86 | <1:2.11+dfsg-1ubuntu7.31 | 1:2.11+dfsg-1ubuntu7.31 |
| =18.04 | ||
| All of | ||
| ubuntu/qemu | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-aarch64 | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-arm | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-mips | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-ppc | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-s390x | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-sparc | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-x86 | <1:2.5+dfsg-5ubuntu10.45 | 1:2.5+dfsg-5ubuntu10.45 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-10756
- https://ubuntu.com/security/CVE-2020-10761
- https://ubuntu.com/security/CVE-2020-12829
- https://ubuntu.com/security/CVE-2020-13253
- https://ubuntu.com/security/CVE-2020-13361
- https://ubuntu.com/security/CVE-2020-13362
- https://ubuntu.com/security/CVE-2020-13659
- https://ubuntu.com/security/CVE-2020-13754
- https://ubuntu.com/security/CVE-2020-13765
- https://ubuntu.com/security/CVE-2020-13800
- https://ubuntu.com/security/CVE-2020-14415
- https://ubuntu.com/security/CVE-2020-15863
- https://ubuntu.com/security/CVE-2020-16092
- https://ubuntu.com/security/notices/USN-4437-1
- https://ubuntu.com/security/notices/USN-4467-2
- https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.4
- https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.31
- https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.45
- https://ubuntu.com/security/notices/USN-4467-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-4467-1?
The severity of USN-4467-1 is high.
How does the QEMU SLiRP networking implementation vulnerability affect Ubuntu?
The QEMU SLiRP networking implementation vulnerability affects Ubuntu 18.04 LTS and 20.04.
What is the impact of the QEMU SLiRP networking implementation vulnerability?
The vulnerability could allow an attacker inside a guest to leak host memory and obtain sensitive information.
Which QEMU packages are affected by the vulnerability?
The following QEMU packages are affected: qemu, qemu-system, qemu-system-arm, qemu-system-mips, qemu-system-ppc, qemu-system-s390x, qemu-system-sparc, qemu-system-x86, qemu-system-x86-microvm, qemu-system-x86-xen.
How do I fix the QEMU SLiRP networking implementation vulnerability?
To fix the vulnerability, update the affected QEMU packages to version 1:4.2-3ubuntu6.4 for Ubuntu 18.04 LTS and version 1:4.2-3ubuntu6.4 for Ubuntu 20.04.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-4437-1
- anchor-related/USN-4467-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04