ELSA-2026-50241
- ULN >
- Oracle Linux Errata repository >
- ELSA-2026-50241
ELSA-2026-50241 - qemu-kvm security update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2026-04-24 |
Description
[7.2.0-37.el9]
- hashing: use mmap/munmap for isal functions (Elena Ufimtseva) [Orabug: 39165991]
- multifd: replace allocations/free with mmap/munmap (Elena Ufimtseva) [Orabug: 39165991]
- page_cache: use mmap() based data pool for cache items (Elena Ufimtseva) [Orabug: 39165991]
- page_cache: change cache allocations to mmap (Elena Ufimtseva) [Orabug: 39165991]
- migration: add mmap/munmap wrapper (Elena Ufimtseva) [Orabug: 39165991]
- target/i386/kvm: Use zero if kvm_msr_entry_add() is called by getter (Dongli Zhang) [Orabug: 38965920]
- target/i386/kvm: Use logical counter index for AMD PMU getter (Dongli Zhang) [Orabug: 38965920]
- Document CVEs (Mark Kanda) {CVE-2025-54566} {CVE-2025-54567} {CVE-2025-8860} {CVE-2026-0665} {CVE-2026-3886}
- hw/usb/hcd-ohci: check for MPS=0 to avoid infinite loop (Jenny Guanni Qu) [Orabug: 39160764] {CVE-2026-3890}
- hyperv/syndbg: check length returned by cpu_physical_memory_map() (Paolo Bonzini) [Orabug: 39160749] {CVE-2026-3842}
- block/vmdk: fix OOB read in vmdk_read_extent() (Halil Oktay) [Orabug: 39160776] {CVE-2026-2243}
- cryptodev-builtin: Limit the maximum size (zhenwei pi) [Orabug: 39173335] {CVE-2025-14876}
- hw/virtio/virtio-crypto: verify asym request size (zhenwei pi) [Orabug: 39173335] {CVE-2025-14876}
[7.2.0-36.el9]
- migration: Fix missing Error return in .load_setup() handlers (Maciej S. Szmigiero) [Orabug: 39154816]
- migration: Fix missing Error return in .save_setup() handlers (Maciej S. Szmigiero) [Orabug: 39154816]
- migration: qemu_savevm_state_setup(): Fix double PRECOPY_NOTIFY_SETUP call (Maciej S. Szmigiero) [Orabug: 39154816]
- multifd: Fix device state transfer (Maciej S. Szmigiero) [Orabug: 39154816]
- vfio/migration: Send VFIO_MIGRATION event before PRE_COPY_P2P transition (Avihai Horon) [Orabug: 39122260]
- vfio/migration: Adapt to upstream uAPI for VFIO_PRECOPY_INFO_REINIT (Maciej S. Szmigiero) [Orabug: 39121536]
[7.2.0-35.el9]
- migration: Disable switchover-ack-legacy by default for Exadata (Maciej S. Szmigiero) [Orabug: 37502472]
- vfio/migration: Check VFIO_PRECOPY_INFO_REINIT during completion (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Implement VFIO_PRECOPY_INFO_REINIT (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Implement new switchover-ack mechanism (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Add Error ** parameter to vfio_migration_init() (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Re-query precopy size before sending VFIO_MIG_FLAG_DEV_INIT_DATA_SENT (Avihai Horon) [Orabug: 37502472]
- migration: Check switchover-ack during switchover phase (Avihai Horon) [Orabug: 37502472]
- migration: Make switchover-ack re-usable (Avihai Horon) [Orabug: 37502472]
- migration: Refactor switchover-ack code (Avihai Horon) [Orabug: 37502472]
- linux-headers: Bring initial bytes re-init uAPI (Avihai Horon) [Orabug: 37502472]
- qemu-img: convert: add cli argument to use IO large buffers for convert (Akash Kulhalli) [Orabug: 37502472]
- hw/core/machine: Limit x-orcl-vm-tsc-khz-post-loadvm to KVM (Mark Kanda) [Orabug: 39095032]
- migration: add extra check for block in cache_fini (Elena Ufimtseva) [Orabug: 38885625]
- migration: do not tear down hash cache in critical path (Elena Ufimtseva) [Orabug: 38885625]
- migration: free cache->blocks in cache_fini() (Elena Ufimtseva) [Orabug: 39061395]
[7.2.0-34.el9]
- migration: bugfix - free migration_ops correctly (Elena Ufimtseva) [Orabug: 38977316]
- target/i386/kvm: set VM ioctl KVM_SET_TSC_KHZ post loadvm (Dongli Zhang) [Orabug: 38928409]
- migration: introduce KVM function called post loadvm (Dongli Zhang) [Orabug: 38928409]
- migration: add extra checks in multifd_ram_fill_packet (Elena Ufimtseva) [Orabug: 38949741]
- migration: fix the error path semantic in multifd thread (Elena Ufimtseva) [Orabug: 38949741]
- page_cache: dynamic cache allocation (Elena Ufimtseva) [Orabug: 38854239] [Orabug: 38949741]
- multifd: return errors on packets filling (Elena Ufimtseva) [Orabug: 38854239]
- migration: detect errors on hash initialization (Elena Ufimtseva) [Orabug: 38876780]
- migration: propagate hashing errors (Elena Ufimtseva) [Orabug: 38876780]
- migration/multifd: Handle allocation failures (Elena Ufimtseva) [Orabug: 38876780]
- migration: Add Error** argument to ram_state_init() (Cedric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to .load_setup() handler (Cedric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to .save_setup() handler (Cedric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to qemu_savevm_state_setup() (Cedric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to vmstate_save() (Cedric Le Goater) [Orabug: 38876780]
- migration: Always report an error in ram_save_setup() (Cedric Le Goater) [Orabug: 38876780]
- qemu-file: Make qemu_fflush() return errors (Juan Quintela) [Orabug: 38876780]
- qemu-file: remove shutdown member (Juan Quintela) [Orabug: 38876780]
- vfio: Always report an error in vfio_save_setup() (Cedric Le Goater) [Orabug: 38876780]
- migration/vmstate: Introduce vmstate_save_state_with_err (Tejus GK) [Orabug: 38876780]
- migration/vfio: Remove x-orcl-device-dirty-page-tracking (Elena Ufimtseva) [Orabug: 38944077]
- target/i386/kvm: write tsc_offset for parked vCPUs too (Dongli Zhang) [Orabug: 38853905]
- accel/kvm:: move KVMParkedVcpu definition to header file (Dongli Zhang) [Orabug: 38853905]
- target/i386/kvm: use vCPU 0 tsc_offset for all vCPUs (Dongli Zhang) [Orabug: 38853905]
- target/i386/kvm: account downtime only with synchronized TSC (Dongli Zhang) [Orabug: 38853905]
- target/i386/kvm: implement reset method for kvmclock (Dongli Zhang) [Orabug: 38853905]
[7.2.0-33.el9]
- migration: Change default pages to scan to 8192 for Exadata (Elena Ufimtseva) [Orabug: 38732433]
- meson: check if isa-l installed and enable it (Elena Ufimtseva) [Orabug: 38732433]
- migration/page_cache: Improve isal-crypto-mb-sha256 cache-miss handling (Joao Martins) [Orabug: 38732433]
- migration/page_cache: Add isal_crypto multi-buffer sha256 variant (Joao Martins) [Orabug: 38732433]
- migration/page_cache: Add batching mode support for isa-l_crypto (Joao Martins) [Orabug: 38732433]
- migration: Use algorithm table to initialize hashing (Elena Ufimtseva) [Orabug: 38732433]
- migration: Add existing algorithms to description table (Elena Ufimtseva) [Orabug: 38732433]
- migration: Add a unified description structure for hashing algorithms (Elena Ufimtseva) [Orabug: 38732433]
[7.2.0-32.el9]
- spec: Provide aarch64 and mips user static packages (Mark Kanda)
These packages are for Oracle internal use only (not for external customers)
- cpu: Only compile runstate_is_running() for system mode (Mark Kanda)
- linux-user: Do not define struct sched_attr if libc headers do (Khem Raj)
[7.2.0-31.el9]
- migration: Fix the cancellation/error path (Elena Ufimtseva) [Orabug: 38739293]
[7.2.0-30.el9]
- live migration: scan and clear contiguous dirty pages regions of ram (Elena Ufimtseva) [Orabug: 38388170]
- migration: add hash_rate trace point (Elena Ufimtseva) [Orabug: 38388170]
- migration: add parameter to specify max number of contiguous pages (Elena Ufimtseva) [Orabug: 38388170]
- multifd: send more pages then IOV_MAX (Elena Ufimtseva) [Orabug: 38388170]
- io: fix use after free in websocket handshake code (Daniel P. Berrange) [Orabug: 38687831] {CVE-2025-11234}
[7.2.0-29.el9]
- hw/core/machine.c: Add vhost-scsi-pci num_queues = 1 to hw_compat_7_2_exadata (Greg Jumper) [Orabug: 38544462]
- target/i386/kvm: account blackout downtime for kvm-clock and guest TSC (Dongli Zhang) [Orabug: 38307402]
- cpus: resume hotplugged vCPU only when the guest is running (Dongli Zhang) [Orabug: 38307402]
- system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add() (Dmitrii Gavrilov) [Orabug: 38298220]
- acpi: pcihp: allow repeating hot-unplug requests (Igor Mammedov) [Orabug: 38257990]
- hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint (Peter Maydell) [Orabug: 37517799] {CVE-2024-8354}
- target/i386: Introduce GraniteRapids-v2 model (Tao Su) [Orabug: 38330786]
- target/i386: Add AVX512 state when AVX10 is supported (Tao Su) [Orabug: 38330786]
- target/i386: Add feature dependencies for AVX10 (Tao Su) [Orabug: 38330786]
- target/i386: add CPUID.24 features for AVX10 (Tao Su) [Orabug: 38330786]
- target/i386: add AVX10 feature and AVX10 version property (Tao Su) [Orabug: 38330786]
- target/i386: return bool from x86_cpu_filter_features (Paolo Bonzini) [Orabug: 38330786]
- target/i386: do not rely on ExtSaveArea for accelerator-supported XCR0 bits (Paolo Bonzini) [Orabug: 38330786]
- target/i386: Call accel-agnostic x86_cpu_get_supported_cpuid() (Philippe Mathieu-Daude) [Orabug: 38330786]
- target/i386: Add new CPU model GraniteRapids (Tao Su) [Orabug: 38330786]
[7.2.0-28.el9]
- hw/i386: Add an exadata machine (Joao Martins) [Orabug: 38408711]
- arm/kvm: add support for MTE (Cornelia Huck)
- target/arm: When tag memory is not present, set MTE=1 (Richard Henderson)
- spec: provide qemu-kvm-device-usb-host package (Mark Kanda) [Orabug: 38355110]
- kvm.conf: do not automatically enable virt when loading kvm (Mark Kanda) [Orabug: 38320046]
Related CVEs
| CVE-2024-36350 |
| CVE-2024-36357 |
| CVE-2024-8354 |
| CVE-2025-11234 |
| CVE-2025-14876 |
| CVE-2025-54566 |
| CVE-2025-54567 |
| CVE-2025-8860 |
| CVE-2026-0665 |
| CVE-2026-2243 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | qemu-kvm-7.2.0-37.el9.src.rpm | e7ae62133db914b08d4d142033d15266375160df5812d82be932f65c94e95c8c | - | ol9_aarch64_kvm_utils |
| qemu-guest-agent-7.2.0-37.el9.aarch64.rpm | 9000acf2eae8c075dc2a818184093ef92c5049312f6c0bc1c696caa02b05a05d | - | ol9_aarch64_kvm_utils | |
| qemu-img-7.2.0-37.el9.aarch64.rpm | 909610448bc3c61dbbff98365bf8d4fd9c924a9e490ea920cdd4adb281814cf4 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-7.2.0-37.el9.aarch64.rpm | 3de08aa3eb38c60b81941d60675d0f445442534d5d160d95b8d202f10e41581f | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-curl-7.2.0-37.el9.aarch64.rpm | 07bf20131528058c29e677b95426af7edd8b8c596d53f09d04e09b120ef0f66f | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-iscsi-7.2.0-37.el9.aarch64.rpm | 01f86b60d436af6437e09da5e616edc58cf8fdfc86a054839e5e26ceab6ae4bb | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-rbd-7.2.0-37.el9.aarch64.rpm | 697a33b710965ce107fa272b8bdbe0ad82f84768e9d3bec677271ab2b585ecc6 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-block-ssh-7.2.0-37.el9.aarch64.rpm | ac213e724ec54e51661f77cd05d9f64c160a858bdc7a3c14f75eae524a2dd1ab | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-common-7.2.0-37.el9.aarch64.rpm | c24436ba38ac7bfb028ec7d1354dc534271e23dfd22716775d0629e862352354 | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-core-7.2.0-37.el9.aarch64.rpm | 437f412c025c4202cc6b4d6cf4895d548132806fc3acfca486c1a14571df6aaa | - | ol9_aarch64_kvm_utils | |
| qemu-kvm-device-usb-host-7.2.0-37.el9.aarch64.rpm | 3a82b35fb7b85816ed8213d76c520bbcfc68c347521d5d0500c93334357d0572 | - | ol9_aarch64_kvm_utils | |
| qemu-virtiofsd-7.2.0-37.el9.aarch64.rpm | d7fe34ba1d9a3c1a259acdf662c2f3c01bcf1250a9d0f5a5d2243fd874665acd | - | ol9_aarch64_kvm_utils | |
| Oracle Linux 9 (x86_64) | qemu-kvm-7.2.0-37.el9.src.rpm | e7ae62133db914b08d4d142033d15266375160df5812d82be932f65c94e95c8c | - | ol9_x86_64_kvm_utils |
| qemu-guest-agent-7.2.0-37.el9.x86_64.rpm | 873e34181daf8f472b5f841797cc69fce5403699c2122cd027f81aaf99b5dbf5 | - | ol9_x86_64_kvm_utils | |
| qemu-img-7.2.0-37.el9.x86_64.rpm | d102b1e77cebbf26927a331fdcc1adc5c5f127052cb064b3dd955bbc7e523c75 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-7.2.0-37.el9.x86_64.rpm | a5bed2f1b663af7ceb066e2fb20c74b4ab0914e6b52bd669d35949f954f606fb | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-curl-7.2.0-37.el9.x86_64.rpm | 00cae2c2b2ef2214ff28d9145bdc4b7e3c35fdaf12fb45efb4e3c8eb5e62c0cd | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-iscsi-7.2.0-37.el9.x86_64.rpm | 7715d20fad62495cc0a093008f5a81723edd7f7fa1a7150eac6bb060b36a6a95 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-rbd-7.2.0-37.el9.x86_64.rpm | a7cfeced82def3fd3a62c5c18182661d7edf4e1fb8ee990c57724ca8a3905c1a | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-block-ssh-7.2.0-37.el9.x86_64.rpm | b3efc381c4f50107af724408dbd87761ac3bfc5d57bbf90940292afeda360ddd | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-common-7.2.0-37.el9.x86_64.rpm | 4039d505d8f51da6ac7d234c8a813b25580094d2b78da19baa7cf362f0a3901e | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-core-7.2.0-37.el9.x86_64.rpm | fc12ba34bd6c5dff8d35cf197c23a73cc1ca2921bff49f93d3566cd185316813 | - | ol9_x86_64_kvm_utils | |
| qemu-kvm-device-usb-host-7.2.0-37.el9.x86_64.rpm | 1c9ca0dc0b653710cd56d231880d6ba094dcdccd7154167927ef7519a05544f3 | - | ol9_x86_64_kvm_utils | |
| qemu-virtiofsd-7.2.0-37.el9.x86_64.rpm | edd4162e965f6ba3d762b9f269aa465426eb20dea91bb23096d1cc67bdd7b56b | - | ol9_x86_64_kvm_utils | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
