This bug was fixed in the package qemu - 1:8.2.2+ds-0ubuntu1.10
---------------
qemu (1:8.2.2+ds-0ubuntu1.10) noble-security; urgency=medium
* SECURITY UPDATE: double-free in QEMU virtio devices
- debian/patches/CVE-2024-3446-pre1.patch: introduce
virtio_bh_new_guarded() helper in hw/virtio/virtio.c,
include/hw/virtio/virtio.h.
- debian/patches/CVE-2024-3446-1.patch: protect from DMA re-entrancy
bugs in hw/virtio/virtio-crypto.c.
- debian/patches/CVE-2024-3446-2.patch: protect from DMA re-entrancy
bugs in hw/char/virtio-serial-bus.c.
- debian/patches/CVE-2024-3446-3.patch: protect from DMA re-entrancy
bugs in hw/display/virtio-gpu.c.
- CVE-2024-3446
* SECURITY UPDATE: heap overflow in SDHCI device emulation
- debian/patches/CVE-2024-3447.patch: do not update TRNMOD when Command
Inhibit (DAT) is set in hw/sd/sdhci.c.
- CVE-2024-3447
* SECURITY UPDATE: assert failure in checksum calculation
- debian/patches/CVE-2024-3567.patch: fix overrun in
update_sctp_checksum() in hw/net/net_tx_pkt.c.
- CVE-2024-3567
* SECURITY UPDATE: resource consumption in disk utility
- debian/patches/CVE-2024-4467-1.patch: don't open data_file with
BDRV_O_NO_IO in block/qcow2.c, tests/qemu-iotests/061*.
- debian/patches/CVE-2024-4467-2.patch: don't store data-file with
protocol in image in tests/qemu-iotests/244.
- debian/patches/CVE-2024-4467-3.patch: don't store data-file with
json: prefix in image in tests/qemu-iotests/270.
- debian/patches/CVE-2024-4467-4.patch: parse filenames only when
explicitly requested in block.c.
- CVE-2024-4467
* SECURITY UPDATE: heap overflow in virtio-net device RSS feature
- debian/patches/CVE-2024-6505.patch: ensure queue index fits with RSS
in hw/net/virtio-net.c.
- CVE-2024-6505
* SECURITY UPDATE: Dos via improper synchronization during socket closure
- debian/patches/CVE-2024-7409-1.patch: plumb in new args to
nbd_client_add() in blockdev-nbd.c, include/block/nbd.h,
nbd/server.c, qemu-nbd.c.
- debian/patches/CVE-2024-7409-2.patch: cap default max-connections to
100 in block/monitor/block-hmp-cmds.c, blockdev-nbd.c,
include/block/nbd.h, qapi/block-export.json.
- debian/patches/CVE-2024-7409-3.patch: close stray clients at
server-stop in blockdev-nbd.c.
- debian/patches/CVE-2024-7409-4.patch: drop non-negotiating clients in
nbd/server.c, nbd/trace-events.
- debian/patches/CVE-2024-7409-5.patch: avoid use-after-free when
closing server in blockdev-nbd.c.
- CVE-2024-7409
* SECURITY UPDATE: DoS via assert failure in usb_ep_get()
- debian/patches/CVE-2024-8354.patch: change ohci validation in
hw/usb/hcd-ohci.c, hw/usb/trace-events.
- CVE-2024-8354
* SECURITY UPDATE: possibly binfmt privilege escalation (LP: #2120814)
- debian/binfmt-install: stop using C (Credentials) flag for
binfmt_misc registration.
-- Marc Deslauriers <[email protected]> Mon, 25 Aug 2025
14:10:37 -0400
** Changed in: qemu (Ubuntu Jammy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2120814
Title:
binfmt_misc C (Credentials) flag as security risk with setuid binaries
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2120814/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
