This bug was fixed in the package qemu - 1:9.2.1+ds-1ubuntu5.2
---------------
qemu (1:9.2.1+ds-1ubuntu5.2) plucky-security; urgency=medium
* SECURITY UPDATE: possibly binfmt privilege escalation (LP: #2120814)
- debian/binfmt-install: stop using C (Credentials) flag for
binfmt_misc registration.
* WARNING: this package does _not_ contain the changes from
(1:9.2.1+ds-1ubuntu5.1) in plucky-proposed.
-- Marc Deslauriers <[email protected]> Tue, 26 Aug 2025
07:58:37 -0400
** Changed in: qemu (Ubuntu Plucky)
Status: In Progress => Fix Released
** Changed in: qemu (Ubuntu Noble)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2024-3446
** CVE added: https://cve.org/CVERecord?id=CVE-2024-3447
** CVE added: https://cve.org/CVERecord?id=CVE-2024-3567
** CVE added: https://cve.org/CVERecord?id=CVE-2024-4467
** CVE added: https://cve.org/CVERecord?id=CVE-2024-6505
** CVE added: https://cve.org/CVERecord?id=CVE-2024-7409
** CVE added: https://cve.org/CVERecord?id=CVE-2024-8354
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2120814
Title:
binfmt_misc C (Credentials) flag as security risk with setuid binaries
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2120814/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
