Test ID: 1.3.6.1.4.1.25623.1.0.845420
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-5489-1)
Summary: The remote host is missing an update for the 'qemu' package(s) announced via the USN-5489-1 advisory.
Description:

Vulnerability Insight:
Alexander Bulekov discovered that QEMU incorrectly handled floppy disk
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly leak
sensitive information. (CVE-2021-3507)

It was discovered that QEMU incorrectly handled NVME controller emulation.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)

It was discovered that QEMU incorrectly handled QXL display device
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-4206, CVE-2021-4207)

Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that QEMU
incorrectly handled the virtiofsd shared file system daemon. An attacker
inside the guest could use this issue to create files with incorrect
ownership, possibly leading to privilege escalation. This issue only
affected Ubuntu 22.04 LTS. (CVE-2022-0358)

It was discovered that QEMU incorrectly handled virtio-net devices. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-26353)

It was discovered that QEMU incorrectly handled vhost-vsock devices. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-26354)

Affected Software/OS:
'qemu' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2021-3507
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1951118
https://security.netapp.com/advisory/ntap-20210528-0005/
Common Vulnerability Exposure (CVE) ID: CVE-2021-3929
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I/
https://access.redhat.com/security/cve/CVE-2021-3929
https://bugzilla.redhat.com/show_bug.cgi?id=2020298
https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385
https://gitlab.com/qemu-project/qemu/-/issues/556
https://gitlab.com/qemu-project/qemu/-/issues/782
Common Vulnerability Exposure (CVE) ID: CVE-2021-4206
Debian Security Information: DSA-5133
https://www.debian.org/security/2022/dsa-5133
https://security.gentoo.org/glsa/202208-27
https://bugzilla.redhat.com/show_bug.cgi?id=2036998
https://starlabs.sg/advisories/21-4206/
Common Vulnerability Exposure (CVE) ID: CVE-2021-4207
https://bugzilla.redhat.com/show_bug.cgi?id=2036966
https://starlabs.sg/advisories/21-4207/
Common Vulnerability Exposure (CVE) ID: CVE-2022-0358
https://access.redhat.com/security/cve/CVE-2022-0358
https://bugzilla.redhat.com/show_bug.cgi?id=2044863
https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
Common Vulnerability Exposure (CVE) ID: CVE-2022-26353
DSA-5133
GLSA-202208-27
https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37
https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
https://security.netapp.com/advisory/ntap-20220425-0003/
Common Vulnerability Exposure (CVE) ID: CVE-2022-26354
[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.