It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)
It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4144)
It was discovered that QEMU did not properly manage memory in the ACPI Error Record Serialization Table (ERST) device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-4172)
It was discovered that QEMU did not properly manage memory when DMA memory writes happen repeatedly in the lsi53c895a device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2023-0330)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "qemu", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-common", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-guest-agent", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-keymaps", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-kvm", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-aarch64", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-arm", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-common", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-mips", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-misc", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-ppc", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-sparc", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-system-x86", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-user", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-user-static", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" }, { "binary_name": "qemu-utils", "binary_version": "2.0.0+dfsg-2ubuntu1.47+esm3" } ] }
{ "cves_map": { "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-4144" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2023-0330" } ], "ecosystem": "Ubuntu:Pro:14.04:LTS" } }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "qemu", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-block-extra", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-guest-agent", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-kvm", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-aarch64", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-arm", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-common", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-mips", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-misc", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-ppc", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-s390x", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-sparc", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-system-x86", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-user", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-user-binfmt", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-user-static", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" }, { "binary_name": "qemu-utils", "binary_version": "1:2.5+dfsg-5ubuntu10.51+esm2" } ] }
{ "cves_map": { "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-4144" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2023-0330" } ], "ecosystem": "Ubuntu:Pro:16.04:LTS" } }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "qemu", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-block-extra", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-guest-agent", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-kvm", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-arm", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-common", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-mips", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-misc", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-ppc", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-s390x", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-sparc", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-system-x86", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-user", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-user-binfmt", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-user-static", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" }, { "binary_name": "qemu-utils", "binary_version": "1:2.11+dfsg-1ubuntu7.42+esm1" } ] }
{ "cves_map": { "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-4144" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2023-0330" } ], "ecosystem": "Ubuntu:Pro:18.04:LTS" } }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "qemu", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-block-extra", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-guest-agent", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-kvm", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-arm", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-common", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-data", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-gui", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-mips", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-misc", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-ppc", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-s390x", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-sparc", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-x86", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-x86-microvm", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-system-x86-xen", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-user", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-user-binfmt", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-user-static", "binary_version": "1:4.2-3ubuntu6.27" }, { "binary_name": "qemu-utils", "binary_version": "1:4.2-3ubuntu6.27" } ] }
{ "cves_map": { "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-1050" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-4144" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2023-0330" } ], "ecosystem": "Ubuntu:20.04:LTS" } }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "qemu", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-block-extra", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-guest-agent", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-arm", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-common", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-data", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-gui", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-mips", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-misc", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-ppc", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-s390x", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-sparc", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-x86", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-x86-microvm", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-system-x86-xen", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-user", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-user-binfmt", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-user-static", "binary_version": "1:6.2+dfsg-2ubuntu6.11" }, { "binary_name": "qemu-utils", "binary_version": "1:6.2+dfsg-2ubuntu6.11" } ] }
{ "cves_map": { "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-1050" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2022-4144" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2023-0330" } ], "ecosystem": "Ubuntu:22.04:LTS" } }