CVE 2020-25085
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_
Related bugs and status
CVE-2020-25085 (Candidate) is related to these bugs:
Bug #1897854: groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
Bug #1907656: [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | Ubuntu on IBM z Systems | High | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Hirsute) | Undecided | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1907789: 2.35.50 breaks ld -no-pie
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1907789 | 2.35.50 breaks ld -no-pie | binutils (Ubuntu) | Undecided | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | binutils | Medium | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | qemu (Ubuntu) | High | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | s390-tools (Ubuntu) | Undecided | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | Ubuntu on IBM z Systems | Undecided | Fix Released | ||
Bug #1907952: qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1907952 | qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0 | QEMU | Undecided | Fix Released | ||
| 1907952 | qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0 | qemu (Debian) | Unknown | Confirmed | ||
| 1907952 | qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0 | qemu (Ubuntu) | Undecided | Fix Released | ||
Bug #1909418: QEMU: Heap Overflow vulnerability in SDHCI Component
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1909418 | QEMU: Heap Overflow vulnerability in SDHCI Component | QEMU | Undecided | Fix Released | ||
Bug #1913421: Load of pre-upgrade qemu modules needs to avoid noexec
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Groovy) | Undecided | Won't Fix | ||
| 1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
| 1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Hirsute) | Undecided | Fix Released | ||
Bug #1929926: [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | qemu (Ubuntu) | Medium | Fix Released | ||
| 1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | Ubuntu on IBM z Systems | Wishlist | Fix Released | ||
| 1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | qemu (Ubuntu Focal) | Wishlist | Fix Released | ||
| 1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | qemu (Ubuntu Hirsute) | Wishlist | Fix Released | ||
Bug #1932264: qemu 6.0 breaks libvirt <7.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1932264 | qemu 6.0 breaks libvirt <7.2 | libvirt (Ubuntu) | Undecided | Fix Released | ||
| 1932264 | qemu 6.0 breaks libvirt <7.2 | qemu (Ubuntu) | Undecided | Fix Released | ||
Bug #1935617: systemd autopkgtest broken on ppc64el with qemu 6.0
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1935617 | systemd autopkgtest broken on ppc64el with qemu 6.0 | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1935617 | systemd autopkgtest broken on ppc64el with qemu 6.0 | systemd (Ubuntu) | Undecided | Invalid | ||
| 1935617 | systemd autopkgtest broken on ppc64el with qemu 6.0 | The Ubuntu-power-systems project | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
