USN-4467-3: QEMU regression

22 February 2021

USN-4467-1 introduced a regression in QEMU.

Releases

Packages

  • qemu - Machine emulator and virtualizer

Details

USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754
introduced a regression in certain environments. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko
discovered that the QEMU incorrectly handled certain msi-x mmio operations.
An attacker inside a guest could possibly use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2020-13754)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.