What is the vulnerability?

QEMU vulnerabilities are a set of security issues in the QEMU emulator that could allow attackers to cause a denial of service or execute arbitrary code.

How does this vulnerability affect me?

If you are using the affected versions of QEMU on Ubuntu 18.04, 20.04, or 21.10, your system may be vulnerable to denial of service or arbitrary code execution attacks.

How do I fix QEMU vulnerabilities?

To fix QEMU vulnerabilities, update the affected QEMU packages to the specified versions provided by Ubuntu.

Are there any known exploits for these vulnerabilities?

There are no known exploits for these QEMU vulnerabilities at the moment.

Where can I find more information about these vulnerabilities?

You can find more information about these vulnerabilities on the Ubuntu Security Notices website using the provided references.

Vulnerability/
USN-5307-1

28/2/2022

USN-5307-1: QEMU vulnerabilities

First published: Mon Feb 28 2022(Updated: )

Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20196) Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203) It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546) It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3682) It was discovered that the QEMU UAS device emulation incorrectly handled certain stream numbers. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3713) It was discovered that the QEMU virtio-net device incorrectly handled certain buffer addresses. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3748) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MODE SELECT commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-3930) It was discovered that the QEMU ACPI logic incorrectly handled certain values. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.10. (CVE-2021-4158) Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that the QEMU virtiofsd device incorrectly handled permissions when creating files. An attacker inside the guest could use this issue to create files inside the directory shared by virtiofs with unintended permissions, possibly allowing privilege escalation. This issue only affected Ubuntu 21.10. (CVE-2022-0358)

Affected Software	Affected Version	How to fix
All of
ubuntu/qemu-system-x86-microvm	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-misc	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-s390x	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-x86	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-sparc	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-arm	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-ppc	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-mips	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-x86-xen	<1:6.0+dfsg-2expubuntu1.2	1:6.0+dfsg-2expubuntu1.2
Ubuntu Ubuntu	=21.10
All of
ubuntu/qemu-system-x86-microvm	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-misc	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-s390x	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-x86	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-sparc	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-arm	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-ppc	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-mips	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-x86-xen	<1:4.2-3ubuntu6.21	1:4.2-3ubuntu6.21
Ubuntu Ubuntu	=20.04
All of
ubuntu/qemu-system-misc	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system-s390x	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system-x86	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system-arm	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system-sparc	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system-ppc	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04
All of
ubuntu/qemu-system-mips	<1:2.11+dfsg-1ubuntu7.39	1:2.11+dfsg-1ubuntu7.39
Ubuntu Ubuntu	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability?
QEMU vulnerabilities are a set of security issues in the QEMU emulator that could allow attackers to cause a denial of service or execute arbitrary code.
How does this vulnerability affect me?
If you are using the affected versions of QEMU on Ubuntu 18.04, 20.04, or 21.10, your system may be vulnerable to denial of service or arbitrary code execution attacks.
How do I fix QEMU vulnerabilities?
To fix QEMU vulnerabilities, update the affected QEMU packages to the specified versions provided by Ubuntu.
Are there any known exploits for these vulnerabilities?
There are no known exploits for these QEMU vulnerabilities at the moment.
Where can I find more information about these vulnerabilities?
You can find more information about these vulnerabilities on the Ubuntu Security Notices website using the provided references.

agent/type
agent/references
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/usn
source/Ubuntu
anchor-related/USN-5010-1
anchor-related/USN-5772-1
anchor-related/USN-5489-1
agent/software-canonical-lookup
agent/title
agent/event
agent/tags
agent/description
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/21.10
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04