Bug#1085299: marked as done (qemu: CVE-2024-6519: lsi53c895a: use-after-free local privilege escalation vulnerability)

Debian Bug Tracking System Tue, 12 May 2026 21:47:17 -0700

Your message dated Wed, 13 May 2026 07:45:25 +0300
with message-id <[email protected]>
and subject line Re: qemu: CVE-2024-6519
has caused the Debian Bug report #1085299,
regarding qemu: CVE-2024-6519: lsi53c895a: use-after-free local privilege 
escalation vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1085299: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085299
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: qemu
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for qemu.

CVE-2024-6519[0]:
qemu: SCSI: lsi53c895a: use-after-free local privilege escalation vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=2292089

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6519
    https://www.cve.org/CVERecord?id=CVE-2024-6519

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message --- On Thu, 17 Oct 2024 23:06:16 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=<[email protected]> wrote:

Source: qemu
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for qemu.

CVE-2024-6519[0]:
qemu: SCSI: lsi53c895a: use-after-free local privilege escalation vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=2292089

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6519
    https://www.cve.org/CVERecord?id=CVE-2024-6519

This has been fixed in upstream version 11.0.0, with commit

https://gitlab.com/qemu-project/qemu/-/commit/4862d2c95104d9fd0430cc003c205094f8ada1f9,

which is also being picked-up for older qemu stable releases.
https://gitlab.com/qemu-project/qemu/-/issues/3090

Thanks,

/mjt

--- End Message ---

Bug#1085299: marked as done (qemu: CVE-2024-6519: lsi53c895a: use-after-free local privilege escalation vulnerability)

Reply via email to