It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)
It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4144)
It was discovered that QEMU did not properly manage memory in the ACPI Error Record Serialization Table (ERST) device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-4172)
It was discovered that QEMU did not properly manage memory when DMA memory writes happen repeatedly in the lsi53c895a device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2023-0330)
{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "qemu",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-guest-agent",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-keymaps",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-kvm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-arm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-mips",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-misc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-ppc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-sparc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-system-x86",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-user",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-user-static",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        },
        {
            "binary_name": "qemu-utils",
            "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3"
        }
    ]
}
          {
    "cves": [
        {
            "id": "CVE-2022-4144",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2023-0330",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:14.04:LTS"
}
                {
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "qemu",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-kvm",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-common",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-user",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-user-static",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        },
        {
            "binary_name": "qemu-utils",
            "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2"
        }
    ]
}
          {
    "cves": [
        {
            "id": "CVE-2022-4144",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2023-0330",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:16.04:LTS"
}
                {
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "qemu",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-kvm",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-common",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-user",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-user-static",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        },
        {
            "binary_name": "qemu-utils",
            "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1"
        }
    ]
}
          {
    "cves": [
        {
            "id": "CVE-2022-4144",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2023-0330",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:18.04:LTS"
}
                {
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "qemu",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-kvm",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-common",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-data",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-gui",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-x86-microvm",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-system-x86-xen",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-user",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-user-static",
            "binary_version": "1:4.2-3ubuntu6.27"
        },
        {
            "binary_name": "qemu-utils",
            "binary_version": "1:4.2-3ubuntu6.27"
        }
    ]
}
          {
    "cves": [
        {
            "id": "CVE-2022-1050",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2022-4144",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2023-0330",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:20.04:LTS"
}
                {
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "qemu",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-common",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-data",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-gui",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-x86-microvm",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-system-x86-xen",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-user",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-user-static",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        },
        {
            "binary_name": "qemu-utils",
            "binary_version": "1:6.2+dfsg-2ubuntu6.11"
        }
    ]
}
          {
    "cves": [
        {
            "id": "CVE-2022-1050",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2022-4144",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2023-0330",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:22.04:LTS"
}