{"id":"USN-6567-1","summary":"qemu vulnerabilities","details":"Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the\nUSB xHCI controller device. A privileged guest attacker could possibly use\nthis issue to cause QEMU to crash, leading to a denial of service. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)\n\nIt was discovered that QEMU incorrectly handled the TCG Accelerator. A\nlocal attacker could use this issue to cause QEMU to crash, leading to a\ndenial of service, or possibly execute arbitrary code and esclate\nprivileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)\n\nIt was discovered that QEMU incorrectly handled the Intel HD audio device.\nA malicious guest attacker could use this issue to cause QEMU to crash,\nleading to a denial of service. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2021-3611)\n\nIt was discovered that QEMU incorrectly handled the ATI VGA device. A\nmalicious guest attacker could use this issue to cause QEMU to crash,\nleading to a denial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-3638)\n\nIt was discovered that QEMU incorrectly handled the VMWare paravirtual RDMA\ndevice. A malicious guest attacker could use this issue to cause QEMU to\ncrash, leading to a denial of service. (CVE-2023-1544)\n\nIt was discovered that QEMU incorrectly handled the 9p passthrough\nfilesystem. A malicious guest attacker could possibly use this issue to\nopen special files and escape the exported 9p tree. This issue only\naffected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.\n(CVE-2023-2861)\n\nIt was discovered that QEMU incorrectly handled the virtual crypto device.\nA malicious guest attacker could use this issue to cause QEMU to crash,\nleading to a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.\n(CVE-2023-3180)\n\nIt was discovered that QEMU incorrectly handled the built-in VNC server.\nA remote authenticated attacker could possibly use this issue to cause QEMU\nto stop responding, resulting in a denial of service. This issue only\naffected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3255)\n\nIt was discovered that QEMU incorrectly handled net device hot-unplugging.\nA malicious guest attacker could use this issue to cause QEMU to crash,\nleading to a denial of service. This issue only affected Ubuntu 22.04 LTS\nand Ubuntu 23.04. (CVE-2023-3301)\n\nIt was discovered that QEMU incorrectly handled the built-in VNC server.\nA remote attacker could possibly use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 20.04\nLTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-3354)\n\nIt was discovered that QEMU incorrectly handled NVME devices. A malicious\nguest attacker could use this issue to cause QEMU to crash, leading to a\ndenial of service. This issue only affected Ubuntu 23.10. (CVE-2023-40360)\n\nIt was discovered that QEMU incorrectly handled NVME devices. A malicious\nguest attacker could use this issue to cause QEMU to crash, leading to a\ndenial of service, or possibly obtain sensitive information. This issue\nonly affected Ubuntu 23.10. (CVE-2023-4135)\n\nIt was discovered that QEMU incorrectly handled SCSI devices. A malicious\nguest attacker could use this issue to cause QEMU to crash, leading to a\ndenial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.\n(CVE-2023-42467)\n\nIt was discovered that QEMU incorrectly handled certain disk offsets. A\nmalicious guest attacker could possibly use this issue to gain control of\nthe host in certain nested virtualization scenarios. (CVE-2023-5088)\n","modified":"2026-02-10T04:43:27Z","published":"2024-01-08T17:46:08Z","related":["UBUNTU-CVE-2020-14394","UBUNTU-CVE-2020-24165","UBUNTU-CVE-2021-3611","UBUNTU-CVE-2021-3638","UBUNTU-CVE-2023-1544","UBUNTU-CVE-2023-2861","UBUNTU-CVE-2023-3180","UBUNTU-CVE-2023-3255","UBUNTU-CVE-2023-3301","UBUNTU-CVE-2023-3354","UBUNTU-CVE-2023-5088"],"upstream":["CVE-2020-14394","CVE-2020-24165","CVE-2021-3611","CVE-2021-3638","CVE-2023-1544","CVE-2023-2861","CVE-2023-3180","CVE-2023-3255","CVE-2023-3301","CVE-2023-3354","CVE-2023-5088","UBUNTU-CVE-2020-14394","UBUNTU-CVE-2020-24165","UBUNTU-CVE-2021-3611","UBUNTU-CVE-2021-3638","UBUNTU-CVE-2023-1544","UBUNTU-CVE-2023-2861","UBUNTU-CVE-2023-3180","UBUNTU-CVE-2023-3255","UBUNTU-CVE-2023-3301","UBUNTU-CVE-2023-3354","UBUNTU-CVE-2023-40360","UBUNTU-CVE-2023-4135","UBUNTU-CVE-2023-42467","UBUNTU-CVE-2023-5088"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6567-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14394"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-24165"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3611"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3638"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1544"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2861"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3180"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3255"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3301"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3354"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-4135"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-5088"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-40360"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-42467"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.28?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2-3ubuntu6.28"}]}],"versions":["1:4.0+dfsg-0ubuntu9","1:4.0+dfsg-0ubuntu10","1:4.2-1ubuntu1","1:4.2-1ubuntu2","1:4.2-3ubuntu1","1:4.2-3ubuntu2","1:4.2-3ubuntu3","1:4.2-3ubuntu4","1:4.2-3ubuntu5","1:4.2-3ubuntu6","1:4.2-3ubuntu6.1","1:4.2-3ubuntu6.2","1:4.2-3ubuntu6.3","1:4.2-3ubuntu6.4","1:4.2-3ubuntu6.5","1:4.2-3ubuntu6.6","1:4.2-3ubuntu6.7","1:4.2-3ubuntu6.8","1:4.2-3ubuntu6.9","1:4.2-3ubuntu6.10","1:4.2-3ubuntu6.11","1:4.2-3ubuntu6.12","1:4.2-3ubuntu6.14","1:4.2-3ubuntu6.15","1:4.2-3ubuntu6.16","1:4.2-3ubuntu6.17","1:4.2-3ubuntu6.18","1:4.2-3ubuntu6.19","1:4.2-3ubuntu6.21","1:4.2-3ubuntu6.23","1:4.2-3ubuntu6.24","1:4.2-3ubuntu6.25","1:4.2-3ubuntu6.26","1:4.2-3ubuntu6.27"],"ecosystem_specific":{"binaries":[{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-block-extra"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-guest-agent"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-kvm"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-arm"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-common"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-data"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-gui"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-mips"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-misc"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-ppc"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-s390x"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-sparc"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-x86"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-x86-microvm"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-system-x86-xen"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-user"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-user-binfmt"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-user-static"},{"binary_version":"1:4.2-3ubuntu6.28","binary_name":"qemu-utils"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6567-1.json","cves_map":{"cves":[{"id":"CVE-2020-14394","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-24165","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-3638","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-1544","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2861","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-3180","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3354","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-5088","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"qemu","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:6.2+dfsg-2ubuntu6.16?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:6.2+dfsg-2ubuntu6.16"}]}],"versions":["1:6.0+dfsg-2expubuntu1","1:6.0+dfsg-2expubuntu2","1:6.0+dfsg-2expubuntu4","1:6.2+dfsg-2ubuntu5","1:6.2+dfsg-2ubuntu6","1:6.2+dfsg-2ubuntu6.1","1:6.2+dfsg-2ubuntu6.2","1:6.2+dfsg-2ubuntu6.3","1:6.2+dfsg-2ubuntu6.4","1:6.2+dfsg-2ubuntu6.5","1:6.2+dfsg-2ubuntu6.6","1:6.2+dfsg-2ubuntu6.7","1:6.2+dfsg-2ubuntu6.8","1:6.2+dfsg-2ubuntu6.9","1:6.2+dfsg-2ubuntu6.10","1:6.2+dfsg-2ubuntu6.11","1:6.2+dfsg-2ubuntu6.12","1:6.2+dfsg-2ubuntu6.13","1:6.2+dfsg-2ubuntu6.14","1:6.2+dfsg-2ubuntu6.15"],"ecosystem_specific":{"binaries":[{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-block-extra"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-guest-agent"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-arm"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-common"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-data"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-gui"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-mips"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-misc"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-ppc"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-s390x"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-sparc"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-x86"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-x86-microvm"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-system-x86-xen"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-user"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-user-binfmt"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-user-static"},{"binary_version":"1:6.2+dfsg-2ubuntu6.16","binary_name":"qemu-utils"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6567-1.json","cves_map":{"cves":[{"id":"CVE-2020-14394","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-3611","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-1544","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2861","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-3180","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3255","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-3301","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3354","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-5088","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.3"}