Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2024-4693
Vulnerability from osv_ubuntu
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu-block-extra",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-block-supplemental",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-modules-opengl",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-modules-spice",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-xen",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:8.2.2+ds-0ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2.2+ds-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.0.4+dfsg-1ubuntu3",
"1:8.0.4+dfsg-1ubuntu4",
"1:8.0.4+dfsg-1ubuntu5",
"1:8.1.3+ds-1ubuntu2",
"1:8.2.1+ds-1ubuntu1",
"1:8.2.1+ds-1ubuntu8",
"1:8.2.1+ds-1ubuntu9",
"1:8.2.2+ds-0ubuntu1",
"1:8.2.2+ds-0ubuntu1.2"
]
}
],
"aliases": [],
"details": "A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.",
"id": "UBUNTU-CVE-2024-4693",
"modified": "2025-09-08T16:58:54Z",
"published": "2024-05-14T15:44:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-4693"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4693"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7094-1"
}
],
"related": [
"USN-7094-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-4693"
]
}
CVE-2024-4693 (GCVE-0-2024-4693)
Vulnerability from cvelistv5 – Published: 2024-05-10 12:57 – Updated: 2025-11-08 07:13- CWE-672 - Operation on a Resource after Expiration or Release
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-4693 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2279965 | issue-trackingx_refsource_REDHAT |
| https://security.netapp.com/advisory/ntap-2024082… |
| Vendor | Product | Version | |
|---|---|---|---|
|
Unaffected:
7eeb62b0ce3a8f64647bf53f93903abd1fbb0b94 , < *
(git)
|
|||
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 Advanced Virtualization |
cpe:/a:redhat:advanced_virtualization:8::el8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:18:57.606294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:38.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-28T15:02:50.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4693"
},
{
"name": "RHBZ#2279965",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279965"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240828-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"packageName": "qemu",
"repo": "https://gitlab.com/qemu-project/qemu",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7eeb62b0ce3a8f64647bf53f93903abd1fbb0b94",
"versionType": "git"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unknown",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T07:13:46.427Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4693"
},
{
"name": "RHBZ#2279965",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279965"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-10T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-05-10T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash",
"x_redhatCweChain": "CWE-672: Operation on a Resource after Expiration or Release"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-4693",
"datePublished": "2024-05-10T12:57:41.445Z",
"dateReserved": "2024-05-09T14:49:40.107Z",
"dateUpdated": "2025-11-08T07:13:46.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-7094-1
Vulnerability from osv_ubuntu
It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-20382)
It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-13765)
Aviv Sasson discovered that QEMU incorrectly handled Slirp networking. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1983)
It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out- of-bounds access, which can lead to a denial of service (application crash) or potential execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-7039)
It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-8608)
It was discovered that QEMU SLiRP networking incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3592, CVE-2021-3594)
It was discovered that QEMU had a DMA reentrancy issue, leading to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3019)
It was discovered that QEMU had a flaw in Virtio PCI Bindings, leading to a triggerable crash via vhost_net_stop. An attacker inside a guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-4693)
It was discovered that QEMU incorrectly handled memory in virtio-sound, leading to a heap-based buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-7730)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-20382",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-1983",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-7039",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-8608",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13765",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3592",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3594",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3019",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-7730",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm4?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47",
"2.0.0+dfsg-2ubuntu1.47+esm1",
"2.0.0+dfsg-2ubuntu1.47+esm2",
"2.0.0+dfsg-2ubuntu1.47+esm3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-3592",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3594",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3019",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-7730",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.51+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.51+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.51+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44",
"1:2.5+dfsg-5ubuntu10.45",
"1:2.5+dfsg-5ubuntu10.46",
"1:2.5+dfsg-5ubuntu10.47",
"1:2.5+dfsg-5ubuntu10.48",
"1:2.5+dfsg-5ubuntu10.49",
"1:2.5+dfsg-5ubuntu10.51",
"1:2.5+dfsg-5ubuntu10.51+esm1",
"1:2.5+dfsg-5ubuntu10.51+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-3019",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-7730",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.42+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.42+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.42+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29",
"1:2.11+dfsg-1ubuntu7.31",
"1:2.11+dfsg-1ubuntu7.32",
"1:2.11+dfsg-1ubuntu7.33",
"1:2.11+dfsg-1ubuntu7.34",
"1:2.11+dfsg-1ubuntu7.35",
"1:2.11+dfsg-1ubuntu7.36",
"1:2.11+dfsg-1ubuntu7.37",
"1:2.11+dfsg-1ubuntu7.38",
"1:2.11+dfsg-1ubuntu7.39",
"1:2.11+dfsg-1ubuntu7.40",
"1:2.11+dfsg-1ubuntu7.41",
"1:2.11+dfsg-1ubuntu7.42",
"1:2.11+dfsg-1ubuntu7.42+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-3019",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-7730",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.30"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.30"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.30?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.30"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3",
"1:4.2-3ubuntu6.4",
"1:4.2-3ubuntu6.5",
"1:4.2-3ubuntu6.6",
"1:4.2-3ubuntu6.7",
"1:4.2-3ubuntu6.8",
"1:4.2-3ubuntu6.9",
"1:4.2-3ubuntu6.10",
"1:4.2-3ubuntu6.11",
"1:4.2-3ubuntu6.12",
"1:4.2-3ubuntu6.14",
"1:4.2-3ubuntu6.15",
"1:4.2-3ubuntu6.16",
"1:4.2-3ubuntu6.17",
"1:4.2-3ubuntu6.18",
"1:4.2-3ubuntu6.19",
"1:4.2-3ubuntu6.21",
"1:4.2-3ubuntu6.23",
"1:4.2-3ubuntu6.24",
"1:4.2-3ubuntu6.25",
"1:4.2-3ubuntu6.26",
"1:4.2-3ubuntu6.27",
"1:4.2-3ubuntu6.28",
"1:4.2-3ubuntu6.29"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-3019",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-7730",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-user",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:6.2+dfsg-2ubuntu6.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:6.2+dfsg-2ubuntu6.24?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.2+dfsg-2ubuntu6.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:6.0+dfsg-2expubuntu1",
"1:6.0+dfsg-2expubuntu2",
"1:6.0+dfsg-2expubuntu4",
"1:6.2+dfsg-2ubuntu5",
"1:6.2+dfsg-2ubuntu6",
"1:6.2+dfsg-2ubuntu6.1",
"1:6.2+dfsg-2ubuntu6.2",
"1:6.2+dfsg-2ubuntu6.3",
"1:6.2+dfsg-2ubuntu6.4",
"1:6.2+dfsg-2ubuntu6.5",
"1:6.2+dfsg-2ubuntu6.6",
"1:6.2+dfsg-2ubuntu6.7",
"1:6.2+dfsg-2ubuntu6.8",
"1:6.2+dfsg-2ubuntu6.9",
"1:6.2+dfsg-2ubuntu6.10",
"1:6.2+dfsg-2ubuntu6.11",
"1:6.2+dfsg-2ubuntu6.12",
"1:6.2+dfsg-2ubuntu6.13",
"1:6.2+dfsg-2ubuntu6.14",
"1:6.2+dfsg-2ubuntu6.15",
"1:6.2+dfsg-2ubuntu6.16",
"1:6.2+dfsg-2ubuntu6.17",
"1:6.2+dfsg-2ubuntu6.18",
"1:6.2+dfsg-2ubuntu6.19",
"1:6.2+dfsg-2ubuntu6.21",
"1:6.2+dfsg-2ubuntu6.22",
"1:6.2+dfsg-2ubuntu6.23"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-4693",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-7730",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu-block-extra",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-block-supplemental",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-modules-opengl",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-modules-spice",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-system-xen",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:8.2.2+ds-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:8.2.2+ds-0ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2.2+ds-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.0.4+dfsg-1ubuntu3",
"1:8.0.4+dfsg-1ubuntu4",
"1:8.0.4+dfsg-1ubuntu5",
"1:8.1.3+ds-1ubuntu2",
"1:8.2.1+ds-1ubuntu1",
"1:8.2.1+ds-1ubuntu8",
"1:8.2.1+ds-1ubuntu9",
"1:8.2.2+ds-0ubuntu1",
"1:8.2.2+ds-0ubuntu1.2"
]
}
],
"aliases": [],
"details": "It was discovered that QEMU incorrectly handled memory during certain VNC\noperations. A remote attacker could possibly use this issue to cause QEMU\nto consume resources, resulting in a denial of service. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2019-20382)\n\nIt was discovered that QEMU incorrectly handled certain memory copy\noperations when loading ROM contents. If a user were tricked into running\nan untrusted kernel image, a remote attacker could possibly use this issue\nto run arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2020-13765)\n\nAviv Sasson discovered that QEMU incorrectly handled Slirp networking. A\nremote attacker could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2020-1983)\n\nIt was discovered that the SLiRP networking implementation of the QEMU\nemulator did not properly manage memory under certain circumstances. An\nattacker could use this to cause a heap-based buffer overflow or other out-\nof-bounds access, which can lead to a denial of service (application crash)\nor potential execute arbitrary code. This issue only affected\nUbuntu 14.04 LTS. (CVE-2020-7039)\n\nIt was discovered that the SLiRP networking implementation of the QEMU\nemulator misuses snprintf return values. An attacker could use this to\ncause a denial of service (application crash) or potentially execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-8608)\n\nIt was discovered that QEMU SLiRP networking incorrectly handled certain\nudp packets. An attacker inside a guest could possibly use this issue to\nleak sensitive information from the host. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3592, CVE-2021-3594)\n\nIt was discovered that QEMU had a DMA reentrancy issue, leading to a\nuse-after-free vulnerability. An attacker could possibly use this issue\nto cause a denial of service. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3019)\n\nIt was discovered that QEMU had a flaw in Virtio PCI Bindings, leading\nto a triggerable crash via vhost_net_stop. An attacker inside a guest\ncould possibly use this issue to cause a denial of service. This issue\nonly affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-4693)\n\nIt was discovered that QEMU incorrectly handled memory in virtio-sound,\nleading to a heap-based buffer overflow. An attacker could possibly use\nthis issue to cause a denial of service or execute arbitrary code. This\nissue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-7730)\n",
"id": "USN-7094-1",
"modified": "2026-06-29T10:53:20Z",
"published": "2024-11-08T01:42:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7094-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-20382"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-1983"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-7039"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-8608"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13765"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3592"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3594"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-3019"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-4693"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-7730"
},
{
"type": "REPORT",
"url": "https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2084210"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qemu vulnerabilities",
"upstream": [
"UBUNTU-CVE-2019-20382",
"UBUNTU-CVE-2020-1983",
"UBUNTU-CVE-2020-7039",
"UBUNTU-CVE-2020-8608",
"UBUNTU-CVE-2020-13765",
"UBUNTU-CVE-2021-3592",
"UBUNTU-CVE-2021-3594",
"UBUNTU-CVE-2023-3019",
"UBUNTU-CVE-2024-4693",
"UBUNTU-CVE-2024-7730"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.