USN-7744-1

Advisory lineage Upstream: 14 Downstream: 0
Published: 11 Sept 2025, 12:41
Last modified:27 Apr 2026, 18:33

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 Sept 2025, 12:41
Published
Vulnerability first disclosed
27 Apr 2026, 18:33
Last Modified
Vulnerability information updated

Description

qemu vulnerabilities It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3446) It was discovered that QEMU incorrectly handled SDHCI device emulation. A guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3447) It was discovered that QEMU incorrectly handled calculating the checksum of a short-sized fragmented packet. A guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-3567) It was discovered that the QEMU qemu-img utility incorrectly handled certain crafted image files. An attacker could use this issue to cause QEMU to consume resources, leading to a denial of service, or possibly read and write to an existing external file. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-4467) It was discovered that QEMU incorrectly handled the RSS feature on virtio-net devices. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-6505) It was discovered that QEMU incorrectly handled the NBD server. An attacker could use this issue to cause QEMU to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-7409) It was discovered that QEMU incorrectly handled certain USB devices. A guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-8354) It was discovered that the QEMU package incorrectly set up a binfmt_misc registration with the C (Credential) flag. A local attacker could use this with a suid/sgid binary to escalate privileges. This update will no longer run foreign-architecture binaries with suid/sgid with elevated privileges.

Affected Systems

  • ubuntuqemu

    < 1:6.2+dfsg-2ubuntu6.27 | < 1:8.2.2+ds-0ubuntu1.10

References (9)