{"id":"USN-3575-2","summary":"qemu regression","details":"USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused\na regression in Xen environments. This update removes the problematic fix\npending further investigation.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that QEMU incorrectly handled guest ram. A privileged\n attacker inside the guest could use this issue to cause QEMU to crash,\n resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\n and Ubuntu 16.04 LTS. (CVE-2017-11334)\n \n David Buchanan discovered that QEMU incorrectly handled the VGA device. A\n privileged attacker inside the guest could use this issue to cause QEMU to\n crash, resulting in a denial of service. This issue was only addressed in\n Ubuntu 17.10. (CVE-2017-13672)\n \n Thomas Garnier discovered that QEMU incorrectly handled multiboot. An\n attacker could use this issue to cause QEMU to crash, resulting in a denial\n of service, or possibly execute arbitrary code on the host. In the default\n installation, when QEMU is used with libvirt, attackers would be isolated\n by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS\n and Ubuntu 16.04 LTS. (CVE-2017-14167)\n \n Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory\n sharing. An attacker could use this issue to obtain sensitive information\n from host memory. (CVE-2017-15038)\n \n Eric Blake discovered that QEMU incorrectly handled memory in the\n NBD server. An attacker could use this issue to cause the NBD server to\n crash, resulting in a denial of service. This issue only affected Ubuntu\n 17.10. (CVE-2017-15118)\n \n Eric Blake discovered that QEMU incorrectly handled certain options to the\n NBD server. An attacker could use this issue to cause the NBD server to\n crash, resulting in a denial of service. This issue only affected Ubuntu\n 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)\n \n Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A\n remote attacker could possibly use this issue to consume memory, resulting\n in a denial of service. This issue was only addressed in Ubuntu 17.10.\n (CVE-2017-15124)\n \n Carl Brassey discovered that QEMU incorrectly handled certain websockets. A\n remote attacker could possibly use this issue to consume memory, resulting\n in a denial of service. This issue only affected Ubuntu 17.10.\n (CVE-2017-15268)\n \n Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA\n device. A privileged attacker inside the guest could use this issue to\n cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)\n \n Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values\n during migration. An attacker could possibly use this issue to cause QEMU\n to crash, resulting in a denial of service, or possibly execute arbitrary\n code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.\n (CVE-2017-16845)\n \n It was discovered that QEMU incorrectly handled the Virtio Vring\n implementation. An attacker could possibly use this issue to cause QEMU to\n crash, resulting in a denial of service. This issue only affected Ubuntu\n 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)\n \n Eric Blake discovered that QEMU incorrectly handled certain rounding\n operations. An attacker could possibly use this issue to cause QEMU to\n crash, resulting in a denial of service. This issue only affected Ubuntu\n 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)\n \n Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the\n VGA device. A privileged attacker inside the guest could use this issue to\n cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683)\n","modified":"2026-02-10T04:41:16Z","published":"2018-03-05T09:43:27Z","related":["UBUNTU-CVE-2017-11334"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3575-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1752761"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.40?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.40"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2","2.0.0+dfsg-2ubuntu1.3","2.0.0+dfsg-2ubuntu1.5","2.0.0+dfsg-2ubuntu1.6","2.0.0+dfsg-2ubuntu1.7","2.0.0+dfsg-2ubuntu1.8","2.0.0+dfsg-2ubuntu1.9","2.0.0+dfsg-2ubuntu1.10","2.0.0+dfsg-2ubuntu1.11","2.0.0+dfsg-2ubuntu1.13","2.0.0+dfsg-2ubuntu1.14","2.0.0+dfsg-2ubuntu1.15","2.0.0+dfsg-2ubuntu1.16","2.0.0+dfsg-2ubuntu1.17","2.0.0+dfsg-2ubuntu1.18","2.0.0+dfsg-2ubuntu1.19","2.0.0+dfsg-2ubuntu1.20","2.0.0+dfsg-2ubuntu1.21","2.0.0+dfsg-2ubuntu1.22","2.0.0+dfsg-2ubuntu1.24","2.0.0+dfsg-2ubuntu1.25","2.0.0+dfsg-2ubuntu1.26","2.0.0+dfsg-2ubuntu1.27","2.0.0+dfsg-2ubuntu1.28","2.0.0+dfsg-2ubuntu1.29","2.0.0+dfsg-2ubuntu1.30","2.0.0+dfsg-2ubuntu1.31","2.0.0+dfsg-2ubuntu1.32","2.0.0+dfsg-2ubuntu1.33","2.0.0+dfsg-2ubuntu1.34","2.0.0+dfsg-2ubuntu1.35","2.0.0+dfsg-2ubuntu1.36","2.0.0+dfsg-2ubuntu1.38","2.0.0+dfsg-2ubuntu1.39"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-guest-agent"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-keymaps"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-kvm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-aarch64"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-arm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-mips"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-misc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-ppc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-sparc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-system-x86"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-user"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-user-static"},{"binary_version":"2.0.0+dfsg-2ubuntu1.40","binary_name":"qemu-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3575-2.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"qemu","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.24?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.5+dfsg-5ubuntu10.24"}]}],"versions":["1:2.3+dfsg-5ubuntu9","1:2.3+dfsg-5ubuntu10","1:2.4+dfsg-4ubuntu1","1:2.4+dfsg-4ubuntu2","1:2.4+dfsg-4ubuntu3","1:2.4+dfsg-5ubuntu3","1:2.5+dfsg-1ubuntu2","1:2.5+dfsg-1ubuntu3","1:2.5+dfsg-1ubuntu4","1:2.5+dfsg-1ubuntu5","1:2.5+dfsg-5ubuntu1","1:2.5+dfsg-5ubuntu2","1:2.5+dfsg-5ubuntu4","1:2.5+dfsg-5ubuntu6","1:2.5+dfsg-5ubuntu7","1:2.5+dfsg-5ubuntu10","1:2.5+dfsg-5ubuntu10.1","1:2.5+dfsg-5ubuntu10.2","1:2.5+dfsg-5ubuntu10.3","1:2.5+dfsg-5ubuntu10.4","1:2.5+dfsg-5ubuntu10.5","1:2.5+dfsg-5ubuntu10.6","1:2.5+dfsg-5ubuntu10.7","1:2.5+dfsg-5ubuntu10.8","1:2.5+dfsg-5ubuntu10.9","1:2.5+dfsg-5ubuntu10.10","1:2.5+dfsg-5ubuntu10.11","1:2.5+dfsg-5ubuntu10.13","1:2.5+dfsg-5ubuntu10.14","1:2.5+dfsg-5ubuntu10.15","1:2.5+dfsg-5ubuntu10.16","1:2.5+dfsg-5ubuntu10.20","1:2.5+dfsg-5ubuntu10.21","1:2.5+dfsg-5ubuntu10.22"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-block-extra"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-guest-agent"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-kvm"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-aarch64"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-arm"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-common"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-mips"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-misc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-ppc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-s390x"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-sparc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-system-x86"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-user"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-user-binfmt"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-user-static"},{"binary_version":"1:2.5+dfsg-5ubuntu10.24","binary_name":"qemu-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3575-2.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}