==========================================================================
Ubuntu Security Notice USN-8073-1
March 04, 2026
qemu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
It was discovered that the UHCI controller implementation of QEMU could be
brought into an invalid state. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2024-8354)
It was discovered that QEMU incorrectly handled memory during certain VNC
operations. An remote attacker could possibly use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-11234)
It was discovered that the e1000 network device implementation of QEMU
could be made to write out of bounds. An attacker inside the guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-12464)
It was discovered that the virtio-crypto device implementation of QEMU did
not limit the length of a certain path input. An attacker inside the guest
could possibly use this issue to cause QEMU to consume large amount of
memory, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 25.10. (CVE-2025-14876)
It was discovered that the KVM Xen guest support of QEMU could be made to
read out of bounds. An attacker inside the guest could possibly use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0665)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
qemu-system 1:10.1.0+ds-5ubuntu2.4
qemu-system-arm 1:10.1.0+ds-5ubuntu2.4
qemu-system-common 1:10.1.0+ds-5ubuntu2.4
qemu-system-data 1:10.1.0+ds-5ubuntu2.4
qemu-system-gui 1:10.1.0+ds-5ubuntu2.4
qemu-system-mips 1:10.1.0+ds-5ubuntu2.4
qemu-system-misc 1:10.1.0+ds-5ubuntu2.4
qemu-system-modules-opengl 1:10.1.0+ds-5ubuntu2.4
qemu-system-modules-spice 1:10.1.0+ds-5ubuntu2.4
qemu-system-ppc 1:10.1.0+ds-5ubuntu2.4
qemu-system-riscv 1:10.1.0+ds-5ubuntu2.4
qemu-system-s390x 1:10.1.0+ds-5ubuntu2.4
qemu-system-sparc 1:10.1.0+ds-5ubuntu2.4
qemu-system-x86 1:10.1.0+ds-5ubuntu2.4
qemu-system-x86-xen 1:10.1.0+ds-5ubuntu2.4
qemu-system-xen 1:10.1.0+ds-5ubuntu2.4
Ubuntu 24.04 LTS
qemu-system 1:8.2.2+ds-0ubuntu1.13
qemu-system-arm 1:8.2.2+ds-0ubuntu1.13
qemu-system-common 1:8.2.2+ds-0ubuntu1.13
qemu-system-data 1:8.2.2+ds-0ubuntu1.13
qemu-system-gui 1:8.2.2+ds-0ubuntu1.13
qemu-system-mips 1:8.2.2+ds-0ubuntu1.13
qemu-system-misc 1:8.2.2+ds-0ubuntu1.13
qemu-system-modules-opengl 1:8.2.2+ds-0ubuntu1.13
qemu-system-modules-spice 1:8.2.2+ds-0ubuntu1.13
qemu-system-ppc 1:8.2.2+ds-0ubuntu1.13
qemu-system-s390x 1:8.2.2+ds-0ubuntu1.13
qemu-system-sparc 1:8.2.2+ds-0ubuntu1.13
qemu-system-x86 1:8.2.2+ds-0ubuntu1.13
qemu-system-x86-xen 1:8.2.2+ds-0ubuntu1.13
qemu-system-xen 1:8.2.2+ds-0ubuntu1.13
Ubuntu 22.04 LTS
qemu 1:6.2+dfsg-2ubuntu6.28
qemu-system 1:6.2+dfsg-2ubuntu6.28
qemu-system-arm 1:6.2+dfsg-2ubuntu6.28
qemu-system-common 1:6.2+dfsg-2ubuntu6.28
qemu-system-data 1:6.2+dfsg-2ubuntu6.28
qemu-system-gui 1:6.2+dfsg-2ubuntu6.28
qemu-system-mips 1:6.2+dfsg-2ubuntu6.28
qemu-system-misc 1:6.2+dfsg-2ubuntu6.28
qemu-system-ppc 1:6.2+dfsg-2ubuntu6.28
qemu-system-s390x 1:6.2+dfsg-2ubuntu6.28
qemu-system-sparc 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86-microvm 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86-xen 1:6.2+dfsg-2ubuntu6.28
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8073-1
CVE-2024-8354, CVE-2025-11234, CVE-2025-12464, CVE-2025-14876,
CVE-2026-0665
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu2.4
https://launchpad.net/ubuntu/+source/qemu/1:8.2.2+ds-0ubuntu1.13
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.28
No comments:
Post a Comment