USN-4511-1
- Source
- https://ubuntu.com/security/notices/USN-4511-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4511-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4511-1
- Upstream
- Related
- Published
- 2020-09-17T11:10:51.996995Z
- Modified
- 2025-10-13T04:35:13Z
- Summary
- qemu vulnerability
- Details
-
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile.
- References
Affected packages
Ubuntu:16.04:LTS / qemu
Package
- Name
- qemu
- Purl
- pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.46?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.5+dfsg-5ubuntu10.46
Affected versions
1:2.*
1:2.3+dfsg-5ubuntu9
1:2.3+dfsg-5ubuntu10
1:2.4+dfsg-4ubuntu1
1:2.4+dfsg-4ubuntu2
1:2.4+dfsg-4ubuntu3
1:2.4+dfsg-5ubuntu3
1:2.5+dfsg-1ubuntu2
1:2.5+dfsg-1ubuntu3
1:2.5+dfsg-1ubuntu4
1:2.5+dfsg-1ubuntu5
1:2.5+dfsg-5ubuntu1
1:2.5+dfsg-5ubuntu2
1:2.5+dfsg-5ubuntu4
1:2.5+dfsg-5ubuntu6
1:2.5+dfsg-5ubuntu7
1:2.5+dfsg-5ubuntu10
1:2.5+dfsg-5ubuntu10.1
1:2.5+dfsg-5ubuntu10.2
1:2.5+dfsg-5ubuntu10.3
1:2.5+dfsg-5ubuntu10.4
1:2.5+dfsg-5ubuntu10.5
1:2.5+dfsg-5ubuntu10.6
1:2.5+dfsg-5ubuntu10.7
1:2.5+dfsg-5ubuntu10.8
1:2.5+dfsg-5ubuntu10.9
1:2.5+dfsg-5ubuntu10.10
1:2.5+dfsg-5ubuntu10.11
1:2.5+dfsg-5ubuntu10.13
1:2.5+dfsg-5ubuntu10.14
1:2.5+dfsg-5ubuntu10.15
1:2.5+dfsg-5ubuntu10.16
1:2.5+dfsg-5ubuntu10.20
1:2.5+dfsg-5ubuntu10.21
1:2.5+dfsg-5ubuntu10.22
1:2.5+dfsg-5ubuntu10.24
1:2.5+dfsg-5ubuntu10.25
1:2.5+dfsg-5ubuntu10.26
1:2.5+dfsg-5ubuntu10.28
1:2.5+dfsg-5ubuntu10.29
1:2.5+dfsg-5ubuntu10.30
1:2.5+dfsg-5ubuntu10.31
1:2.5+dfsg-5ubuntu10.32
1:2.5+dfsg-5ubuntu10.33
1:2.5+dfsg-5ubuntu10.34
1:2.5+dfsg-5ubuntu10.35
1:2.5+dfsg-5ubuntu10.36
1:2.5+dfsg-5ubuntu10.37
1:2.5+dfsg-5ubuntu10.38
1:2.5+dfsg-5ubuntu10.39
1:2.5+dfsg-5ubuntu10.40
1:2.5+dfsg-5ubuntu10.41
1:2.5+dfsg-5ubuntu10.42
1:2.5+dfsg-5ubuntu10.43
1:2.5+dfsg-5ubuntu10.44
1:2.5+dfsg-5ubuntu10.45
Ecosystem specific
{
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4511-1.json"
cves_map
{
"ecosystem": "Ubuntu:16.04:LTS",
"cves": [
{
"id": "CVE-2020-14364",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:18.04:LTS / qemu
Package
- Name
- qemu
- Purl
- pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.32?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.11+dfsg-1ubuntu7.32
Affected versions
1:2.*
1:2.10+dfsg-0ubuntu3
1:2.10+dfsg-0ubuntu4
1:2.10+dfsg-0ubuntu5
1:2.11+dfsg-1ubuntu1
1:2.11+dfsg-1ubuntu2
1:2.11+dfsg-1ubuntu4
1:2.11+dfsg-1ubuntu5
1:2.11+dfsg-1ubuntu6
1:2.11+dfsg-1ubuntu7
1:2.11+dfsg-1ubuntu7.1
1:2.11+dfsg-1ubuntu7.2
1:2.11+dfsg-1ubuntu7.3
1:2.11+dfsg-1ubuntu7.4
1:2.11+dfsg-1ubuntu7.5
1:2.11+dfsg-1ubuntu7.6
1:2.11+dfsg-1ubuntu7.7
1:2.11+dfsg-1ubuntu7.8
1:2.11+dfsg-1ubuntu7.9
1:2.11+dfsg-1ubuntu7.10
1:2.11+dfsg-1ubuntu7.12
1:2.11+dfsg-1ubuntu7.13
1:2.11+dfsg-1ubuntu7.14
1:2.11+dfsg-1ubuntu7.15
1:2.11+dfsg-1ubuntu7.17
1:2.11+dfsg-1ubuntu7.18
1:2.11+dfsg-1ubuntu7.19
1:2.11+dfsg-1ubuntu7.20
1:2.11+dfsg-1ubuntu7.21
1:2.11+dfsg-1ubuntu7.22
1:2.11+dfsg-1ubuntu7.23
1:2.11+dfsg-1ubuntu7.25
1:2.11+dfsg-1ubuntu7.26
1:2.11+dfsg-1ubuntu7.27
1:2.11+dfsg-1ubuntu7.28
1:2.11+dfsg-1ubuntu7.29
1:2.11+dfsg-1ubuntu7.31
Ecosystem specific
{
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4511-1.json"
cves_map
{
"ecosystem": "Ubuntu:18.04:LTS",
"cves": [
{
"id": "CVE-2020-14364",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:20.04:LTS / qemu
Package
- Name
- qemu
- Purl
- pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.6?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:4.2-3ubuntu6.6
Affected versions
1:4.*
1:4.0+dfsg-0ubuntu9
1:4.0+dfsg-0ubuntu10
1:4.2-1ubuntu1
1:4.2-1ubuntu2
1:4.2-3ubuntu1
1:4.2-3ubuntu2
1:4.2-3ubuntu3
1:4.2-3ubuntu4
1:4.2-3ubuntu5
1:4.2-3ubuntu6
1:4.2-3ubuntu6.1
1:4.2-3ubuntu6.2
1:4.2-3ubuntu6.3
1:4.2-3ubuntu6.4
1:4.2-3ubuntu6.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.6"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4511-1.json"
cves_map
{
"ecosystem": "Ubuntu:20.04:LTS",
"cves": [
{
"id": "CVE-2020-14364",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}