Launchpad.net

CVE 2017-8284

** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."

Related bugs and status

CVE-2017-8284 (Candidate) is related to these bugs:

Bug #1759509: [19.10][qemu] virsh dompmwakeup fails to wake VM from dompmsuspend state (kvm)

		In	Importance	Status
1759509	[19.10][qemu] virsh dompmwakeup fails to wake VM from dompmsuspend state (kvm)	qemu (Ubuntu)	High	Fix Released
1759509	[19.10][qemu] virsh dompmwakeup fails to wake VM from dompmsuspend state (kvm)	The Ubuntu-power-systems project	High	Fix Released
1759509	[19.10][qemu] virsh dompmwakeup fails to wake VM from dompmsuspend state (kvm)	libvirt (Ubuntu)	High	Fix Released

Bug #1782205: KVM SnowRidge enable new ISAs

		In	Importance	Status
1782205	KVM SnowRidge enable new ISAs	xen (Ubuntu)	Undecided	Invalid
1782205	KVM SnowRidge enable new ISAs	qemu (Ubuntu)	Undecided	Fix Released
1782205	KVM SnowRidge enable new ISAs	linux (Ubuntu)	Undecided	Fix Released

Bug #1786956: [19.04 FEAT] upgrade qemu > 3.0

Summary				In	Importance	Status
	1786956	[19.04 FEAT] upgrade qemu > 3.0		qemu (Ubuntu)	Undecided	Fix Released
	1786956	[19.04 FEAT] upgrade qemu > 3.0		Ubuntu on IBM z Systems	High	Fix Released

Bug #1806104: [Ubuntu-18.04][LTC-Test] Warning: "qemu-system-ppc64: System page size 0x40000000 is not enabled in page_size_mask (0x11000). Performance may be slow" Noticed while booting guest backed by Hugepages.

		In	Importance	Status
1806104	[Ubuntu-18.04][LTC-Test] Warning: "qemu-system-ppc64: System page size 0x40000000 is not enabled in page_size_mask (0x11000). Performance may be slow" Noticed while booting guest backed by Hugepages.	qemu (Ubuntu)	Medium	Fix Released
1806104	[Ubuntu-18.04][LTC-Test] Warning: "qemu-system-ppc64: System page size 0x40000000 is not enabled in page_size_mask (0x11000). Performance may be slow" Noticed while booting guest backed by Hugepages.	The Ubuntu-power-systems project	Medium	Fix Released
1806104	[Ubuntu-18.04][LTC-Test] Warning: "qemu-system-ppc64: System page size 0x40000000 is not enabled in page_size_mask (0x11000). Performance may be slow" Noticed while booting guest backed by Hugepages.	qemu (Ubuntu Cosmic)	Low	Fix Released
1806104	[Ubuntu-18.04][LTC-Test] Warning: "qemu-system-ppc64: System page size 0x40000000 is not enabled in page_size_mask (0x11000). Performance may be slow" Noticed while booting guest backed by Hugepages.	qemu (Ubuntu Bionic)	Low	Fix Released

Bug #1809083: [Ubuntu 18.04] Backward migration of Ubuntu 16.04.4 P8 guest from Ubuntu 18.04 P9 Host -> Ubuntu 16.04.4 P8 host is broken

		In	Importance	Status
1809083	[Ubuntu 18.04] Backward migration of Ubuntu 16.04.4 P8 guest from Ubuntu 18.04 P9 Host -> Ubuntu 16.04.4 P8 host is broken	qemu (Ubuntu)	Undecided	Fix Released
1809083	[Ubuntu 18.04] Backward migration of Ubuntu 16.04.4 P8 guest from Ubuntu 18.04 P9 Host -> Ubuntu 16.04.4 P8 host is broken	The Ubuntu-power-systems project	High	Fix Released
1809083	[Ubuntu 18.04] Backward migration of Ubuntu 16.04.4 P8 guest from Ubuntu 18.04 P9 Host -> Ubuntu 16.04.4 P8 host is broken	qemu (Ubuntu Bionic)	Undecided	Fix Released
1809083	[Ubuntu 18.04] Backward migration of Ubuntu 16.04.4 P8 guest from Ubuntu 18.04 P9 Host -> Ubuntu 16.04.4 P8 host is broken	qemu (Ubuntu Cosmic)	Undecided	Fix Released

Bug #1812384: [Ubuntu] qemu - backport diag308 stable exception fix

		In	Importance	Status
1812384	[Ubuntu] qemu - backport diag308 stable exception fix	qemu (Ubuntu)	Undecided	Fix Released
1812384	[Ubuntu] qemu - backport diag308 stable exception fix	Ubuntu on IBM z Systems	Medium	Fix Released
1812384	[Ubuntu] qemu - backport diag308 stable exception fix	qemu (Ubuntu Cosmic)	Undecided	Fix Released
1812384	[Ubuntu] qemu - backport diag308 stable exception fix	qemu (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.chromium....
MISC: https://github.com/qem...