{"id":"USN-7744-1","summary":"qemu vulnerabilities","details":"It was discovered that QEMU incorrectly handled certain virtio devices. A\nprivileged guest attacker could use this issue to cause QEMU to crash,\nleading to a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3446)\n\nIt was discovered that QEMU incorrectly handled SDHCI device emulation. A\nguest attacker could possibly use this issue to cause QEMU to crash,\nleading to a denial of service. This issue only affected Ubuntu 22.04 LTS\nand Ubuntu 24.04 LTS. (CVE-2024-3447)\n\nIt was discovered that QEMU incorrectly handled calculating the checksum\nof a short-sized fragmented packet. A guest attacker could possibly use\nthis issue to cause QEMU to crash, leading to a denial of service. This\nissue only affected Ubuntu 24.04 LTS. (CVE-2024-3567)\n\nIt was discovered that the QEMU qemu-img utility incorrectly handled\ncertain crafted image files. An attacker could use this issue to cause QEMU\nto consume resources, leading to a denial of service, or possibly read and\nwrite to an existing external file. This issue only affected Ubuntu 22.04\nLTS and Ubuntu 24.04 LTS. (CVE-2024-4467)\n\nIt was discovered that QEMU incorrectly handled the RSS feature on\nvirtio-net devices. A privileged guest attacker could possibly use this\nissue to cause QEMU to crash, leading to a denial of service. This\nissue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-6505)\n\nIt was discovered that QEMU incorrectly handled the NBD server. An attacker\ncould use this issue to cause QEMU to consume resources, leading to a\ndenial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu\n24.04 LTS. (CVE-2024-7409)\n\nIt was discovered that QEMU incorrectly handled certain USB devices. A\nguest attacker could possibly use this issue to cause QEMU to crash,\nleading to a denial of service. This issue only affected Ubuntu 22.04 LTS\nand Ubuntu 24.04 LTS. (CVE-2024-8354)\n\nIt was discovered that the QEMU package incorrectly set up a binfmt_misc\nregistration with the C (Credential) flag. A local attacker could use this\nwith a suid/sgid binary to escalate privileges. This update will no longer\nrun foreign-architecture binaries with suid/sgid with elevated privileges.","modified":"2026-04-27T17:47:20.802868689Z","published":"2025-09-11T12:41:28Z","related":["UBUNTU-CVE-2024-3446","UBUNTU-CVE-2024-3447","UBUNTU-CVE-2024-3567","UBUNTU-CVE-2024-4467","UBUNTU-CVE-2024-6505","UBUNTU-CVE-2024-7409","UBUNTU-CVE-2024-8354"],"upstream":["CVE-2024-3446","CVE-2024-3447","CVE-2024-3567","CVE-2024-4467","CVE-2024-6505","CVE-2024-7409","CVE-2024-8354","UBUNTU-CVE-2024-3446","UBUNTU-CVE-2024-3447","UBUNTU-CVE-2024-3567","UBUNTU-CVE-2024-4467","UBUNTU-CVE-2024-6505","UBUNTU-CVE-2024-7409","UBUNTU-CVE-2024-8354"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7744-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-3446"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-3447"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-3567"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-4467"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-6505"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-7409"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-8354"},{"type":"REPORT","url":"https://bugs.launchpad.net/bugs/2120814"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:6.2+dfsg-2ubuntu6.27?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:6.2+dfsg-2ubuntu6.27"}]}],"versions":["1:6.0+dfsg-2expubuntu1","1:6.0+dfsg-2expubuntu2","1:6.0+dfsg-2expubuntu4","1:6.2+dfsg-2ubuntu5","1:6.2+dfsg-2ubuntu6","1:6.2+dfsg-2ubuntu6.1","1:6.2+dfsg-2ubuntu6.2","1:6.2+dfsg-2ubuntu6.3","1:6.2+dfsg-2ubuntu6.4","1:6.2+dfsg-2ubuntu6.5","1:6.2+dfsg-2ubuntu6.6","1:6.2+dfsg-2ubuntu6.7","1:6.2+dfsg-2ubuntu6.8","1:6.2+dfsg-2ubuntu6.9","1:6.2+dfsg-2ubuntu6.10","1:6.2+dfsg-2ubuntu6.11","1:6.2+dfsg-2ubuntu6.12","1:6.2+dfsg-2ubuntu6.13","1:6.2+dfsg-2ubuntu6.14","1:6.2+dfsg-2ubuntu6.15","1:6.2+dfsg-2ubuntu6.16","1:6.2+dfsg-2ubuntu6.17","1:6.2+dfsg-2ubuntu6.18","1:6.2+dfsg-2ubuntu6.19","1:6.2+dfsg-2ubuntu6.21","1:6.2+dfsg-2ubuntu6.22","1:6.2+dfsg-2ubuntu6.23","1:6.2+dfsg-2ubuntu6.24","1:6.2+dfsg-2ubuntu6.25","1:6.2+dfsg-2ubuntu6.26"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"qemu","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-block-extra","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-guest-agent","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-arm","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-common","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-data","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-gui","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-mips","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-misc","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-ppc","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-s390x","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-sparc","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-x86","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-x86-microvm","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-system-x86-xen","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-user","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-user-binfmt","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-user-static","binary_version":"1:6.2+dfsg-2ubuntu6.27"},{"binary_name":"qemu-utils","binary_version":"1:6.2+dfsg-2ubuntu6.27"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7744-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-3446"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-3447"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-4467"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-6505"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-7409"}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"qemu","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:8.2.2+ds-0ubuntu1.10?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:8.2.2+ds-0ubuntu1.10"}]}],"versions":["1:8.0.4+dfsg-1ubuntu3","1:8.0.4+dfsg-1ubuntu4","1:8.0.4+dfsg-1ubuntu5","1:8.1.3+ds-1ubuntu2","1:8.2.1+ds-1ubuntu1","1:8.2.1+ds-1ubuntu8","1:8.2.1+ds-1ubuntu9","1:8.2.2+ds-0ubuntu1","1:8.2.2+ds-0ubuntu1.2","1:8.2.2+ds-0ubuntu1.4","1:8.2.2+ds-0ubuntu1.5","1:8.2.2+ds-0ubuntu1.6","1:8.2.2+ds-0ubuntu1.7","1:8.2.2+ds-0ubuntu1.8","1:8.2.2+ds-0ubuntu1.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"qemu-block-extra","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-block-supplemental","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-guest-agent","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-arm","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-common","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-data","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-gui","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-mips","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-misc","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-modules-opengl","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-modules-spice","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-ppc","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-s390x","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-sparc","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-x86","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-x86-xen","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-system-xen","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-user","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-user-binfmt","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-user-static","binary_version":"1:8.2.2+ds-0ubuntu1.10"},{"binary_name":"qemu-utils","binary_version":"1:8.2.2+ds-0ubuntu1.10"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7744-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-3446"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-3447"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-3567"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-4467"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-6505"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-7409"}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.5"}