[Git][security-tracker-team/security-tracker][master] Update information for qemu issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 23 06:05:18 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
beee76ac by Salvatore Bonaccorso at 2026-04-23T07:04:53+02:00
Update information for qemu issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,21 @@
 CVE-2026-5744 [hw/uefi: heap overflow]
 	- qemu 1:11.0.0+ds-1
+	[bookworm] - qemu <not-affected> (Vulnerable code introduced later)
+	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/90ca4e03c27dc8ac821a2e1686e705ae9a93d301 (v10.0.0-rc0)
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/af74c9e46bb55e2da042315a0c65666f59c61686 (v11.0.0-rc3)
 CVE-2026-5761 [virtio-blk: zone report buffer out-of-memory]
 	- qemu 1:11.0.0+ds-1
+	[bookworm] - qemu <not-affected> (Vulnerable code introduced later)
+	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/4f7366506a96c862c796d4ea1913110d9c341e7d (v8.1.0-rc0)
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/4913ae36f9796c55d434dcbfa6bdb9ebb3e5e4b1 (v11.0.0-rc4)
 CVE-2026-5763 [virtio-scsi request size mismatch]
 	- qemu 1:11.0.0+ds-1
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/79971302935472232a68073faddb085177e3ca54 (v11.0.0-rc3)
 CVE-2026-3890 [hcd-ohci: infinite loop]
 	- qemu 1:11.0.0+ds-1
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d402 (v11.0.0-rc1)
 CVE-2026-6862 (A flaw was found in libefiboot, a component of efivar. The device path ...)
 	- efivar <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2459982
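
Review bot: CVE-2026-5763 and CVE-2026-3890 get only a "Fixed by" note, with no "Introduced with" commit and no [bookworm]/[bullseye] line, unlike CVE-2026-5744 and CVE-2026-5761 in the same hunk. Their status for the older releases therefore stays undetermined behind the bare "- qemu 1:11.0.0+ds-1" line. If the introducing commits are known, add them as NOTE lines so the per-release status can be decided and recorded explicitly. For the two entries marked not-affected, the introducing versions are given as v10.0.0-rc0 and v8.1.0-rc0, but only bookworm and bullseye are annotated. It is worth confirming that no other tracked release ships a qemu version between those and 11.0.0.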



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beee76acef45dc7c1803e6b498b49f9c926c0144
