This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1249603817496396496== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="joozWiD9nTqJ7nAJwqrujiFOKKeiGG93g"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --joozWiD9nTqJ7nAJwqrujiFOKKeiGG93g Content-Type: multipart/mixed; boundary="wbLXQodaJOlD4RkafHF5KEoQWWF6A3DAI"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <5ca6b0b9-cd57-1093-0b6f-3df02ae08f68@canonical.com> Subject: [USN-5010-1] QEMU vulnerabilities
--wbLXQodaJOlD4RkafHF5KEoQWWF6A3DAI Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-5010-1 July 15, 2021
qemu vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description: - qemu: Machine emulator and virtualizer
Details:
Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-15469)
Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.04. (CVE-2020-29443)
Cheolwoo Myung discovered that QEMU incorrectly handled SCSI device emulation. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-35504, CVE-2020-35505, CVE-2021-3392)
Alex Xu discovered that QEMU incorrectly handled the virtio-fs shared file system daemon. An attacker inside the guest could possibly use this issue to read and write to host devices. This issue only affected Ubuntu 20.10. (CVE-2020-35517)
It was discovered that QEMU incorrectly handled ARM Generic Interrupt Controller emulation. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-20221)
Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann, and Simon Werner discovered that QEMU incorrectly handled e1000 device emulation. An attacker inside the guest could possibly use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-20257)
It was discovered that QEMU incorrectly handled SDHCI controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, when QEMU is used in combination with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2021-3409)
It was discovered that QEMU incorrectly handled certain NIC emulation devices. An attacker inside the guest could possibly use this issue to cause QEMU to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-3416)
Remy Noel discovered that QEMU incorrectly handled the USB redirector device. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2021-3527)
It was discovered that QEMU incorrectly handled the virtio vhost-user GPU device. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3544)
It was discovered that QEMU incorrectly handled the virtio vhost-user GPU device. An attacker inside the guest could possibly use this issue to obtain sensitive host information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3545)
It was discovered that QEMU incorrectly handled the virtio vhost-user GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, when QEMU is used in combination with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3546)
It was discovered that QEMU incorrectly handled the PVRDMA device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, when QEMU is used in combination with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3582, CVE-2021-3607, CVE-2021-3608)
It was discovered that QEMU SLiRP networking incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: qemu-system 1:5.2+dfsg-9ubuntu3.1 qemu-system-arm 1:5.2+dfsg-9ubuntu3.1 qemu-system-mips 1:5.2+dfsg-9ubuntu3.1 qemu-system-misc 1:5.2+dfsg-9ubuntu3.1 qemu-system-ppc 1:5.2+dfsg-9ubuntu3.1 qemu-system-s390x 1:5.2+dfsg-9ubuntu3.1 qemu-system-sparc 1:5.2+dfsg-9ubuntu3.1 qemu-system-x86 1:5.2+dfsg-9ubuntu3.1 qemu-system-x86-microvm 1:5.2+dfsg-9ubuntu3.1 qemu-system-x86-xen 1:5.2+dfsg-9ubuntu3.1
Ubuntu 20.10: qemu-system 1:5.0-5ubuntu9.9 qemu-system-arm 1:5.0-5ubuntu9.9 qemu-system-mips 1:5.0-5ubuntu9.9 qemu-system-misc 1:5.0-5ubuntu9.9 qemu-system-ppc 1:5.0-5ubuntu9.9 qemu-system-s390x 1:5.0-5ubuntu9.9 qemu-system-sparc 1:5.0-5ubuntu9.9 qemu-system-x86 1:5.0-5ubuntu9.9 qemu-system-x86-microvm 1:5.0-5ubuntu9.9 qemu-system-x86-xen 1:5.0-5ubuntu9.9
Ubuntu 20.04 LTS: qemu-system 1:4.2-3ubuntu6.17 qemu-system-arm 1:4.2-3ubuntu6.17 qemu-system-mips 1:4.2-3ubuntu6.17 qemu-system-misc 1:4.2-3ubuntu6.17 qemu-system-ppc 1:4.2-3ubuntu6.17 qemu-system-s390x 1:4.2-3ubuntu6.17 qemu-system-sparc 1:4.2-3ubuntu6.17 qemu-system-x86 1:4.2-3ubuntu6.17 qemu-system-x86-microvm 1:4.2-3ubuntu6.17 qemu-system-x86-xen 1:4.2-3ubuntu6.17
Ubuntu 18.04 LTS: qemu-system 1:2.11+dfsg-1ubuntu7.37 qemu-system-arm 1:2.11+dfsg-1ubuntu7.37 qemu-system-mips 1:2.11+dfsg-1ubuntu7.37 qemu-system-misc 1:2.11+dfsg-1ubuntu7.37 qemu-system-ppc 1:2.11+dfsg-1ubuntu7.37 qemu-system-s390x 1:2.11+dfsg-1ubuntu7.37 qemu-system-sparc 1:2.11+dfsg-1ubuntu7.37 qemu-system-x86 1:2.11+dfsg-1ubuntu7.37
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5010-1 CVE-2020-15469, CVE-2020-29443, CVE-2020-35504, CVE-2020-35505, CVE-2020-35517, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3409, CVE-2021-3416, CVE-2021-3527, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546, CVE-2021-3582, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3607, CVE-2021-3608
Package Information: https://launchpad.net/ubuntu/+source/qemu/1:5.2+dfsg-9ubuntu3.1 https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu9.9 https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.17 https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.37
--wbLXQodaJOlD4RkafHF5KEoQWWF6A3DAI--
--joozWiD9nTqJ7nAJwqrujiFOKKeiGG93g Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmDwhEgACgkQZWnYVadE vpMzTQ//XGkAGXMQKLZgMPHEaErZ7NfBPmoFKHnCWe/TdlzbQr4rhOhlOYxq92Ab 0ZoX3ACEFeT7BC5cfuSgtZvPvLHpmg9gpbZrVRz9k8g9cNLobdFL3cXrA7EiKdta CFA2pZjpgsawcWEKUTa8WqtMpOvGl9c726iNWK2SY3TkRFxmkIPmhKG2lK0Q+sci IqJp0JZ4X8YplPAP1JcgmYiTzat06AlXdJYKCCUWGPka23+HrPVzQ+f2QMsXG9x7 66QIktB/cIikBf4grGRpy8oS7KyRc9W+TzxOiGpoO4PU7B/dE7CDfq+LWolXIDXC b/cJ03hzZvPRUMd/pyOaNFqG58DypbjU38z9kZ1BFssGNjthwZsjtqUkQm3WUFd2 0VpKIUAB+nvob3jLWHjK6B2fSHHNRjjuxEklk5ZVY4BU0se1vzT9KfzA6pCJwIT/ yzx4EkLMlggnADYItI7AClw0LGeZIVK8KbUYr/aMnaGge5nQoiPywE1+9sFIH9Ue VZ7z9sPZAqjfxJc4WvUTaYcbJmv1qJwitXaySU+sURvegnAk7Ynek3Yrkz7WAuAA whUZavCkXjvYxtMrQGvOmZtElbysAyKso6jMMtRblOLezUUa+ovsTGI46shO/A+D ERGvhqMGCSxmjXGNanjKJkFzm9YHNAw9PP0O4ZEOv6uYM93ACxs= =Z+oz -----END PGP SIGNATURE-----
--joozWiD9nTqJ7nAJwqrujiFOKKeiGG93g--
--===============1249603817496396496== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============1249603817496396496==--
|