Amazon Linux 2 Security Advisory: ALAS2-2025-3061
Advisory Released Date: 2025-11-10
Advisory Updated Date: 2025-11-10
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. (CVE-2021-4206)
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. (CVE-2022-26354)
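The integer-overflow class described for cursor_alloc() (CVE-2021-4206), as an added example that is not QEMU's code: a size computed from guest-supplied dimensions wraps to a small value, so the buffer is far smaller than the pixel data written into it. The function names, the unsigned types, the sample dimensions and the 512-pixel bound are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on cursor dimensions, chosen for this example. */
#define CURSOR_MAX_DIM 512u

/* Unchecked pattern: the byte count is computed in 32-bit arithmetic.
 * Unsigned types are used so the wrap is well defined in C. */
static uint32_t pixel_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Hardened pattern: validate the dimensions first, then compute the
 * byte count in size_t so the product cannot wrap. */
static bool pixel_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0 ||
        width > CURSOR_MAX_DIM || height > CURSOR_MAX_DIM) {
        return false;               /* caller must refuse the cursor */
    }
    *out = (size_t)width * height * sizeof(uint32_t);
    return true;
}

int main(void)
{
    /* Constructed dimensions standing in for guest-controlled values. */
    uint32_t w = 0x8000, h = 0x8000;
    uint64_t needed = (uint64_t)w * h * sizeof(uint32_t);
    size_t n = 0;

    printf("bytes needed for pixel data: %llu\n", (unsigned long long)needed);
    printf("unchecked 32-bit size:       %u\n",
           (unsigned)pixel_bytes_unchecked(w, h));
    printf("checked, oversized cursor:   %s\n",
           pixel_bytes_checked(w, h, &n) ? "accepted" : "rejected");
    if (pixel_bytes_checked(64, 64, &n)) {
        printf("checked, 64x64 cursor:       %zu bytes\n", n);
    }
    return 0;
}
```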
Affected Packages:
qemu
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qemu or yum update --advisory ALAS2-2025-3061 to update your system.
aarch64:
qemu-3.1.0-8.amzn2.0.22.aarch64
qemu-common-3.1.0-8.amzn2.0.22.aarch64
qemu-guest-agent-3.1.0-8.amzn2.0.22.aarch64
qemu-img-3.1.0-8.amzn2.0.22.aarch64
ivshmem-tools-3.1.0-8.amzn2.0.22.aarch64
qemu-block-curl-3.1.0-8.amzn2.0.22.aarch64
qemu-block-dmg-3.1.0-8.amzn2.0.22.aarch64
qemu-block-iscsi-3.1.0-8.amzn2.0.22.aarch64
qemu-block-nfs-3.1.0-8.amzn2.0.22.aarch64
qemu-block-rbd-3.1.0-8.amzn2.0.22.aarch64
qemu-block-ssh-3.1.0-8.amzn2.0.22.aarch64
qemu-audio-alsa-3.1.0-8.amzn2.0.22.aarch64
qemu-audio-oss-3.1.0-8.amzn2.0.22.aarch64
qemu-audio-pa-3.1.0-8.amzn2.0.22.aarch64
qemu-audio-sdl-3.1.0-8.amzn2.0.22.aarch64
qemu-ui-curses-3.1.0-8.amzn2.0.22.aarch64
qemu-ui-gtk-3.1.0-8.amzn2.0.22.aarch64
qemu-ui-sdl-3.1.0-8.amzn2.0.22.aarch64
qemu-kvm-3.1.0-8.amzn2.0.22.aarch64
qemu-kvm-core-3.1.0-8.amzn2.0.22.aarch64
qemu-user-3.1.0-8.amzn2.0.22.aarch64
qemu-user-binfmt-3.1.0-8.amzn2.0.22.aarch64
qemu-user-static-3.1.0-8.amzn2.0.22.aarch64
qemu-system-aarch64-3.1.0-8.amzn2.0.22.aarch64
qemu-system-aarch64-core-3.1.0-8.amzn2.0.22.aarch64
qemu-system-x86-3.1.0-8.amzn2.0.22.aarch64
qemu-system-x86-core-3.1.0-8.amzn2.0.22.aarch64
qemu-debuginfo-3.1.0-8.amzn2.0.22.aarch64
src:
qemu-3.1.0-8.amzn2.0.22.src
x86_64:
qemu-3.1.0-8.amzn2.0.22.x86_64
qemu-common-3.1.0-8.amzn2.0.22.x86_64
qemu-guest-agent-3.1.0-8.amzn2.0.22.x86_64
qemu-img-3.1.0-8.amzn2.0.22.x86_64
ivshmem-tools-3.1.0-8.amzn2.0.22.x86_64
qemu-block-curl-3.1.0-8.amzn2.0.22.x86_64
qemu-block-dmg-3.1.0-8.amzn2.0.22.x86_64
qemu-block-iscsi-3.1.0-8.amzn2.0.22.x86_64
qemu-block-nfs-3.1.0-8.amzn2.0.22.x86_64
qemu-block-rbd-3.1.0-8.amzn2.0.22.x86_64
qemu-block-ssh-3.1.0-8.amzn2.0.22.x86_64
qemu-audio-alsa-3.1.0-8.amzn2.0.22.x86_64
qemu-audio-oss-3.1.0-8.amzn2.0.22.x86_64
qemu-audio-pa-3.1.0-8.amzn2.0.22.x86_64
qemu-audio-sdl-3.1.0-8.amzn2.0.22.x86_64
qemu-ui-curses-3.1.0-8.amzn2.0.22.x86_64
qemu-ui-gtk-3.1.0-8.amzn2.0.22.x86_64
qemu-ui-sdl-3.1.0-8.amzn2.0.22.x86_64
qemu-kvm-3.1.0-8.amzn2.0.22.x86_64
qemu-kvm-core-3.1.0-8.amzn2.0.22.x86_64
qemu-user-3.1.0-8.amzn2.0.22.x86_64
qemu-user-binfmt-3.1.0-8.amzn2.0.22.x86_64
qemu-user-static-3.1.0-8.amzn2.0.22.x86_64
qemu-system-aarch64-3.1.0-8.amzn2.0.22.x86_64
qemu-system-aarch64-core-3.1.0-8.amzn2.0.22.x86_64
qemu-system-x86-3.1.0-8.amzn2.0.22.x86_64
qemu-system-x86-core-3.1.0-8.amzn2.0.22.x86_64
qemu-debuginfo-3.1.0-8.amzn2.0.22.x86_64