CVE-2024-6519

Publication date 21 October 2024

Last updated 10 April 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

8.2 · High

Score breakdown

Description

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

Read the notes from the security team

Status

Package Ubuntu Release Status
qemu 25.10 questing
Fixed 1:10.1.0+ds-5ubuntu2.6
25.04 plucky Ignored end of life, was deferred [2026-03-20]
24.10 oracular Ignored end of life, was deferred [2026-03-20]
24.04 LTS noble
Fixed 1:8.2.2+ds-0ubuntu1.16
22.04 LTS jammy
Fixed 1:6.2+dfsg-2ubuntu6.30
20.04 LTS focal Ignored end of standard support, was deferred [2026-03-20]
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty Ignored end of ESM support, was deferred [2026-03-20]

Notes

mdeslaur

as of 2026-03-20, there is no upstream fix for this issue

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
qemu

Severity score breakdown

Parameter Value
Base score 8.2 · High
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities