USN-8073-1
- Source
- https://ubuntu.com/security/notices/USN-8073-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8073-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8073-1
- Upstream
- Related
- Published
- 2026-03-04T16:13:14Z
- Modified
- 2026-03-05T19:29:05.244387Z
- Summary
- qemu vulnerabilities
- Details
-
It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-8354)
It was discovered that QEMU incorrectly handled memory during certain VNC operations. An remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-11234)
It was discovered that the e1000 network device implementation of QEMU could be made to write out of bounds. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-12464)
It was discovered that the virtio-crypto device implementation of QEMU did not limit the length of a certain path input. An attacker inside the guest could possibly use this issue to cause QEMU to consume large amount of memory, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-14876)
It was discovered that the KVM Xen guest support of QEMU could be made to read out of bounds. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0665)
- References
Affected packages
Ubuntu:22.04:LTS / qemu
Package
- Name
- qemu
- Purl
- pkg:deb/ubuntu/qemu@1:6.2+dfsg-2ubuntu6.28?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:6.2+dfsg-2ubuntu6.28
Affected versions
1:6.*
1:6.0+dfsg-2expubuntu1
1:6.0+dfsg-2expubuntu2
1:6.0+dfsg-2expubuntu4
1:6.2+dfsg-2ubuntu5
1:6.2+dfsg-2ubuntu6
1:6.2+dfsg-2ubuntu6.1
1:6.2+dfsg-2ubuntu6.2
1:6.2+dfsg-2ubuntu6.3
1:6.2+dfsg-2ubuntu6.4
1:6.2+dfsg-2ubuntu6.5
1:6.2+dfsg-2ubuntu6.6
1:6.2+dfsg-2ubuntu6.7
1:6.2+dfsg-2ubuntu6.8
1:6.2+dfsg-2ubuntu6.9
1:6.2+dfsg-2ubuntu6.10
1:6.2+dfsg-2ubuntu6.11
1:6.2+dfsg-2ubuntu6.12
1:6.2+dfsg-2ubuntu6.13
1:6.2+dfsg-2ubuntu6.14
1:6.2+dfsg-2ubuntu6.15
1:6.2+dfsg-2ubuntu6.16
1:6.2+dfsg-2ubuntu6.17
1:6.2+dfsg-2ubuntu6.18
1:6.2+dfsg-2ubuntu6.19
1:6.2+dfsg-2ubuntu6.21
1:6.2+dfsg-2ubuntu6.22
1:6.2+dfsg-2ubuntu6.23
1:6.2+dfsg-2ubuntu6.24
1:6.2+dfsg-2ubuntu6.25
1:6.2+dfsg-2ubuntu6.26
1:6.2+dfsg-2ubuntu6.27
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-block-extra"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-guest-agent"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-arm"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-common"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-data"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-gui"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-mips"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-misc"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-ppc"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-s390x"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-sparc"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-x86"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-x86-microvm"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-system-x86-xen"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-user"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-user-binfmt"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-user-static"
},
{
"binary_version": "1:6.2+dfsg-2ubuntu6.28",
"binary_name": "qemu-utils"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-8354"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-11234"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8073-1.json"
Ubuntu:24.04:LTS / qemu
Package
- Name
- qemu
- Purl
- pkg:deb/ubuntu/qemu@1:8.2.2+ds-0ubuntu1.13?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:8.2.2+ds-0ubuntu1.13
Affected versions
1:8.*
1:8.0.4+dfsg-1ubuntu3
1:8.0.4+dfsg-1ubuntu4
1:8.0.4+dfsg-1ubuntu5
1:8.1.3+ds-1ubuntu2
1:8.2.1+ds-1ubuntu1
1:8.2.1+ds-1ubuntu8
1:8.2.1+ds-1ubuntu9
1:8.2.2+ds-0ubuntu1
1:8.2.2+ds-0ubuntu1.2
1:8.2.2+ds-0ubuntu1.4
1:8.2.2+ds-0ubuntu1.5
1:8.2.2+ds-0ubuntu1.6
1:8.2.2+ds-0ubuntu1.7
1:8.2.2+ds-0ubuntu1.8
1:8.2.2+ds-0ubuntu1.9
1:8.2.2+ds-0ubuntu1.10
1:8.2.2+ds-0ubuntu1.11
1:8.2.2+ds-0ubuntu1.12
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-block-extra"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-block-supplemental"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-guest-agent"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-arm"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-common"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-data"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-gui"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-mips"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-misc"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-modules-opengl"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-modules-spice"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-ppc"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-s390x"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-sparc"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-x86"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-x86-xen"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-system-xen"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-user"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-user-binfmt"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-user-static"
},
{
"binary_version": "1:8.2.2+ds-0ubuntu1.13",
"binary_name": "qemu-utils"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-8354"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-11234"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-12464"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-14876"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-0665"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8073-1.json"
Ubuntu:25.10 / qemu
Package
- Name
- qemu
- Purl
- pkg:deb/ubuntu/qemu@1:10.1.0+ds-5ubuntu2.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:10.1.0+ds-5ubuntu2.4
Affected versions
1:9.*
1:9.2.1+ds-1ubuntu5
1:10.*
1:10.0.2+ds-1ubuntu1
1:10.0.2+ds-1ubuntu2
1:10.1.0+ds-1ubuntu1
1:10.1.0+ds-5ubuntu1
1:10.1.0+ds-5ubuntu2
1:10.1.0+ds-5ubuntu2.1
1:10.1.0+ds-5ubuntu2.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-block-extra"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-block-supplemental"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-guest-agent"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-arm"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-common"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-data"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-gui"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-mips"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-misc"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-modules-opengl"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-modules-spice"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-ppc"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-riscv"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-s390x"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-sparc"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-x86"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-x86-xen"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-system-xen"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-user"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-user-binfmt"
},
{
"binary_version": "1:10.1.0+ds-5ubuntu2.4",
"binary_name": "qemu-utils"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:25.10",
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-8354"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-11234"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-12464"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-14876"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-0665"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8073-1.json"