usn-8161-1
Vulnerability from osv_ubuntu
It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-6519)
It was discovered that QEMU could be made to read out of bounds when reading VMDK images. If a user or an automated system were tricked into opening a specially crafted VMDK image, an attacker could possibly use this issue to leak sensitive informaton or cause QEMU to crash, resulting in a denial of service. (CVE-2026-2243)
It was discovered that the virtio-snd device implementation of QEMU could be made to write out of bounds. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3195)
It was discovered that the virtio-snd device implementation of QEMU contained an arithmetic overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3196)
It was discovered that the Hyper-V Synthetic Debugging device implementation of QEMU could me made to write out of bounds. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3842)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-6519",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-2243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-user",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:6.2+dfsg-2ubuntu6.30"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:6.2+dfsg-2ubuntu6.30?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.2+dfsg-2ubuntu6.30"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:6.0+dfsg-2expubuntu1",
"1:6.0+dfsg-2expubuntu2",
"1:6.0+dfsg-2expubuntu4",
"1:6.2+dfsg-2ubuntu5",
"1:6.2+dfsg-2ubuntu6",
"1:6.2+dfsg-2ubuntu6.1",
"1:6.2+dfsg-2ubuntu6.2",
"1:6.2+dfsg-2ubuntu6.3",
"1:6.2+dfsg-2ubuntu6.4",
"1:6.2+dfsg-2ubuntu6.5",
"1:6.2+dfsg-2ubuntu6.6",
"1:6.2+dfsg-2ubuntu6.7",
"1:6.2+dfsg-2ubuntu6.8",
"1:6.2+dfsg-2ubuntu6.9",
"1:6.2+dfsg-2ubuntu6.10",
"1:6.2+dfsg-2ubuntu6.11",
"1:6.2+dfsg-2ubuntu6.12",
"1:6.2+dfsg-2ubuntu6.13",
"1:6.2+dfsg-2ubuntu6.14",
"1:6.2+dfsg-2ubuntu6.15",
"1:6.2+dfsg-2ubuntu6.16",
"1:6.2+dfsg-2ubuntu6.17",
"1:6.2+dfsg-2ubuntu6.18",
"1:6.2+dfsg-2ubuntu6.19",
"1:6.2+dfsg-2ubuntu6.21",
"1:6.2+dfsg-2ubuntu6.22",
"1:6.2+dfsg-2ubuntu6.23",
"1:6.2+dfsg-2ubuntu6.24",
"1:6.2+dfsg-2ubuntu6.25",
"1:6.2+dfsg-2ubuntu6.26",
"1:6.2+dfsg-2ubuntu6.27",
"1:6.2+dfsg-2ubuntu6.28",
"1:6.2+dfsg-2ubuntu6.29"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-6519",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-2243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3195",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3196",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3842",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu-block-extra",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-block-supplemental",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-modules-opengl",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-modules-spice",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-system-xen",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-user",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:8.2.2+ds-0ubuntu1.16"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:8.2.2+ds-0ubuntu1.16?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2.2+ds-0ubuntu1.16"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.0.4+dfsg-1ubuntu3",
"1:8.0.4+dfsg-1ubuntu4",
"1:8.0.4+dfsg-1ubuntu5",
"1:8.1.3+ds-1ubuntu2",
"1:8.2.1+ds-1ubuntu1",
"1:8.2.1+ds-1ubuntu8",
"1:8.2.1+ds-1ubuntu9",
"1:8.2.2+ds-0ubuntu1",
"1:8.2.2+ds-0ubuntu1.2",
"1:8.2.2+ds-0ubuntu1.4",
"1:8.2.2+ds-0ubuntu1.5",
"1:8.2.2+ds-0ubuntu1.6",
"1:8.2.2+ds-0ubuntu1.7",
"1:8.2.2+ds-0ubuntu1.8",
"1:8.2.2+ds-0ubuntu1.9",
"1:8.2.2+ds-0ubuntu1.10",
"1:8.2.2+ds-0ubuntu1.11",
"1:8.2.2+ds-0ubuntu1.12",
"1:8.2.2+ds-0ubuntu1.13",
"1:8.2.2+ds-0ubuntu1.14",
"1:8.2.2+ds-0ubuntu1.15"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-6519",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-2243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3195",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3196",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3842",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu-block-extra",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-block-supplemental",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-modules-opengl",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-modules-spice",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-riscv",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-system-xen",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-user",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:10.1.0+ds-5ubuntu2.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:10.1.0+ds-5ubuntu2.6?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.0+ds-5ubuntu2.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.2.1+ds-1ubuntu5",
"1:10.0.2+ds-1ubuntu1",
"1:10.0.2+ds-1ubuntu2",
"1:10.1.0+ds-1ubuntu1",
"1:10.1.0+ds-5ubuntu1",
"1:10.1.0+ds-5ubuntu2",
"1:10.1.0+ds-5ubuntu2.1",
"1:10.1.0+ds-5ubuntu2.2",
"1:10.1.0+ds-5ubuntu2.4",
"1:10.1.0+ds-5ubuntu2.5"
]
}
],
"aliases": [],
"details": "It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation\nof QEMU incorrectly handled memory. An attacker inside the guest could\npossibly use this issue to cause QEMU to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2024-6519)\n\nIt was discovered that QEMU could be made to read out of bounds when\nreading VMDK images. If a user or an automated system were tricked into\nopening a specially crafted VMDK image, an attacker could possibly use\nthis issue to leak sensitive informaton or cause QEMU to crash, resulting\nin a denial of service. (CVE-2026-2243)\n\nIt was discovered that the virtio-snd device implementation of QEMU could\nbe made to write out of bounds. An attacker inside the guest could\npossibly use this issue to cause QEMU to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. This issue only affected\nUbuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3195)\n\nIt was discovered that the virtio-snd device implementation of QEMU\ncontained an arithmetic overflow. An attacker inside the guest could\npossibly use this issue to cause QEMU to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. This issue only affected\nUbuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3196)\n\nIt was discovered that the Hyper-V Synthetic Debugging device\nimplementation of QEMU could me made to write out of bounds. An attacker\ninside the guest could possibly use this issue to cause QEMU to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3842)",
"id": "USN-8161-1",
"modified": "2026-06-30T15:54:55Z",
"published": "2026-04-09T14:22:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8161-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-6519"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-2243"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3195"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3196"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3842"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qemu vulnerabilities",
"upstream": [
"UBUNTU-CVE-2024-6519",
"UBUNTU-CVE-2026-2243",
"UBUNTU-CVE-2026-3195",
"UBUNTU-CVE-2026-3196",
"UBUNTU-CVE-2026-3842"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.