QID 198432

Qemu incorrectly handled certain mmio operations.
Qemu incorrectly handled certain atapi commands.
Qemu incorrectly handled scsi device emulation.
Qemu incorrectly handled the virtio-fs shared file system daemon.
Qemu incorrectly handled arm generic interrupt controller emulation.
Qemu incorrectly handled e1000 device emulation.
Qemu incorrectly handled sdhci controller emulation.
Qemu incorrectly handled certain nic emulation devices.
Qemu incorrectly handled the usb redirector device.
Qemu incorrectly handled the virtio vhost-user gpu device.
Qemu incorrectly handled the pvrdma device.
Qemu slirp networking incorrectly handled certain udp packets.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

an attacker inside the guest could possibly use this issue to cause qemu to crash, resulting in a denial of service. (Cve-2020-15469).
An attacker inside the guest could possibly use this issue to cause qemu to crash, resulting in a denial of service.
This issue only affected ubuntu 21.04. (Cve-2020-29443).
An attacker inside the guest could possibly use this issue to cause qemu to crash, resulting in a denial of service. (Cve-2020-35504, cve-2020-35505, cve-2021-3392).
An attacker inside the guest could possibly use this issue to read and write to host devices.
This issue only affected ubuntu 20.10.
(cve-2020-35517).
An attacker inside the guest could possibly use this issue to cause qemu to crash, resulting in a denial of service.
This issue only affected ubuntu 18.04 lts, ubuntu 20.04 lts, and ubuntu 20.10.
(cve-2021-20221).
An attacker inside the guest could possibly use this issue to cause qemu to hang, resulting in a denial of service.
This issue only affected ubuntu 18.04 lts, ubuntu 20.04 lts, and ubuntu 20.10.
(cve-2021-20257).
an attacker inside the guest could use this issue to cause qemu to crash, resulting in a denial of service, or possibly execute arbitrary code.
In the default installation, when qemu is used in combination with libvirt, attackers would be isolated by the libvirt apparmor profile.
(cve-2021-3409).
An attacker inside the guest could possibly use this issue to cause qemu to hang or crash, resulting in a denial of service.
This issue only affected ubuntu 18.04 lts, ubuntu 20.04 lts, and ubuntu 20.10.
(cve-2021-3416).
An attacker inside the guest could possibly use this issue to cause qemu to consume resources, resulting in a denial of service.
(cve-2021-3527).
An attacker inside the guest could possibly use this issue to cause qemu to consume resources, leading to a denial of service.
This issue only affected ubuntu 20.04 lts, ubuntu 20.10, and ubuntu 21.04. (Cve-2021-3544).
An attacker inside the guest could possibly use this issue to obtain sensitive host information.
This issue only affected ubuntu 20.04 lts, ubuntu 20.10, and ubuntu 21.04. (Cve-2021-3545).
An attacker inside the guest could use this issue to cause qemu to crash, resulting in a denial of service, or possibly execute arbitrary code.
In the default installation, when qemu is used in combination with libvirt, attackers would be isolated by the libvirt apparmor profile.
This issue only affected ubuntu 20.04 lts, ubuntu 20.10, and ubuntu 21.04.
(cve-2021-3546).
An attacker inside the guest could use this issue to cause qemu to crash, resulting in a denial of service, or possibly execute arbitrary code.
In the default installation, when qemu is used in combination with libvirt, attackers would be isolated by the libvirt apparmor profile.
This issue only affected ubuntu 20.04 lts, ubuntu 20.10, and ubuntu 21.04.
(cve-2021-3582, cve-2021-3607, cve-2021-3608).
An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (Cve-2021-3592, cve-2021-3593, cve-2021-3594, cve-2021-3595).