Launchpad CVE tracker

CVE 2021-3409

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Related bugs and status

CVE-2021-3409 (Candidate) is related to these bugs:

Bug #1907952: qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0

		In	Importance	Status
1907952	qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0	QEMU	Undecided	Fix Released
1907952	qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0	qemu (Debian)	Unknown	Confirmed
1907952	qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0	qemu (Ubuntu)	Undecided	Fix Released

Bug #1913421: Load of pre-upgrade qemu modules needs to avoid noexec

		In	Importance	Status
1913421	Load of pre-upgrade qemu modules needs to avoid noexec	qemu (Ubuntu)	Undecided	Fix Released
1913421	Load of pre-upgrade qemu modules needs to avoid noexec	qemu (Ubuntu Groovy)	Undecided	Won't Fix
1913421	Load of pre-upgrade qemu modules needs to avoid noexec	qemu (Ubuntu Focal)	Undecided	Fix Released
1913421	Load of pre-upgrade qemu modules needs to avoid noexec	qemu (Ubuntu Bionic)	Undecided	Fix Released
1913421	Load of pre-upgrade qemu modules needs to avoid noexec	qemu (Ubuntu Hirsute)	Undecided	Fix Released

Bug #1929926: [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction

		In	Importance	Status
1929926	[UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction	qemu (Ubuntu)	Medium	Fix Released
1929926	[UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction	Ubuntu on IBM z Systems	Wishlist	Fix Released
1929926	[UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction	qemu (Ubuntu Focal)	Wishlist	Fix Released
1929926	[UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction	qemu (Ubuntu Hirsute)	Wishlist	Fix Released

Bug #1932264: qemu 6.0 breaks libvirt <7.2

Summary				In	Importance	Status
	1932264	qemu 6.0 breaks libvirt <7.2		libvirt (Ubuntu)	Undecided	Fix Released
	1932264	qemu 6.0 breaks libvirt <7.2		qemu (Ubuntu)	Undecided	Fix Released

Bug #1935617: systemd autopkgtest broken on ppc64el with qemu 6.0

		In	Importance	Status
1935617	systemd autopkgtest broken on ppc64el with qemu 6.0	qemu (Ubuntu)	Undecided	Fix Released
1935617	systemd autopkgtest broken on ppc64el with qemu 6.0	systemd (Ubuntu)	Undecided	Invalid
1935617	systemd autopkgtest broken on ppc64el with qemu 6.0	The Ubuntu-power-systems project	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-3409

References