Launchpad.net

CVE 2019-6501

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.

CVE-2019-6501 (Candidate) is related to these bugs:

Bug #1782206: KVM enable SnowRidge Accelerator Interfacing Architecture (AIA)

		In	Importance	Status
1782206	KVM enable SnowRidge Accelerator Interfacing Architecture (AIA)	xen (Ubuntu)	Wishlist	Incomplete
1782206	KVM enable SnowRidge Accelerator Interfacing Architecture (AIA)	qemu (Ubuntu)	Wishlist	Fix Released
1782206	KVM enable SnowRidge Accelerator Interfacing Architecture (AIA)	linux (Ubuntu)	Wishlist	Triaged

Bug #1828038: [19.10 FEAT] Update hardware CPU Model z14

Summary				In	Importance	Status
	1828038	[19.10 FEAT] Update hardware CPU Model z14		qemu (Ubuntu)	Undecided	Fix Released
	1828038	[19.10 FEAT] Update hardware CPU Model z14		Ubuntu on IBM z Systems	High	Fix Released

Bug #1830238: [19.10 FEAT] zKVM: Add hardware CPU Model - qemu part

Summary				In	Importance	Status
	1830238	[19.10 FEAT] zKVM: Add hardware CPU Model - qemu part		qemu (Ubuntu)	Undecided	Fix Released
	1830238	[19.10 FEAT] zKVM: Add hardware CPU Model - qemu part		Ubuntu on IBM z Systems	High	Fix Released

Bug #1830243: [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu

		In	Importance	Status
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	qemu (Ubuntu)	Undecided	Fix Released
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	Ubuntu on IBM z Systems	High	Fix Released
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	qemu (Ubuntu Bionic)	Undecided	Fix Released
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	qemu (Ubuntu Eoan)	Undecided	Fix Released
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	qemu (Ubuntu Xenial)	Undecided	Fix Released
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	qemu (Ubuntu Disco)	Undecided	Fix Released
1830243	[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu	qemu (Ubuntu Cosmic)	Undecided	Won't Fix

Bug #1832622: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)

		In	Importance	Status
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	qemu (Ubuntu)	Undecided	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	The Ubuntu-power-systems project	High	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	qemu (Ubuntu Xenial)	Undecided	Won't Fix
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	qemu (Ubuntu Bionic)	High	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	qemu (Ubuntu Cosmic)	Undecided	Won't Fix
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	qemu (Ubuntu Eoan)	Undecided	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	qemu (Ubuntu Disco)	High	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	linux (Ubuntu)	Undecided	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	linux (Ubuntu Bionic)	Undecided	Fix Released
1832622	QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)	linux (Ubuntu Disco)	High	Fix Released

See the

CVE page on Mitre.org for more details.