-
Wed Jun 03 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-41.el8
- hw/virtio/virtio-crypto: validate asym session key size (Miguel Luis) [Orabug: 39480090]
- virtio-net: validate RSS queue selectors in parser (Miguel Luis) [Orabug: 39480096]
- ui: fix validation of VNC extended clipboard data length (Heechan Kang) [Orabug: 39442988] {CVE-2026-8343}
- ui/vnc: fix OOB read updating VNC update frequency stats (Daniel P. Berrangé) [Orabug: 39447326] {CVE-2026-48003}
- ui/vnc: fix OOB write in lossy rect worker code (Daniel P. Berrangé) [Orabug: 39447332] {CVE-2026-48002}
- ui/vnc: fix OOB write in VNC stats array (Daniel P. Berrangé) [Orabug: 39447332] {CVE-2026-48002}
- tests/unit/test-blockjob: Disable complete_in_standby test (Peter Maydell) [Orabug: 39447937]
- virtio-scsi: reset SCSI devices from main loop thread (Stefan Hajnoczi) [Orabug: 39296894]
- dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race (Stefan Hajnoczi) [Orabug: 39296894]
- scsi: protect req->aiocb with AioContext lock (Stefan Hajnoczi) [Orabug: 39296894]
- virtio-iommu: add error check before assert (Manos Pitsidianakis) [Orabug: 39447244]
- hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command() (Eric Auger) [Orabug: 39447244]
- thread-pool: Allow at least 1 thread in thread_pool_adjust_max_threads_to_work() (Maciej S. Szmigiero) [Orabug: 39429151]
- lsi53c895a: keep a reference to the device while SCRIPTS execute (Paolo Bonzini) [Orabug: 37517793] {CVE-2024-6519}
- hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() (Zheng Huang) [Orabug: 37517793] {CVE-2024-6519}
- hw/scsi/lsi53c895a: bump instruction limit in scripts processing to fix regression (Fiona Ebner) [Orabug: 37517793] {CVE-2024-6519}
- hw/scsi/lsi53c895a: add timer to scripts processing (Sven Schnelle) [Orabug: 37517793] {CVE-2024-6519}
- hw/scsi/lsi53c895a: add missing decrement of reentrancy counter (Sven Schnelle) [Orabug: 39429302]
- hw/i386/amd_iommu: Move IOAPIC memory region initialization to the end (Sairaj Kodilkar) [Orabug: 39422329]
- virtio-scsi: pass the same cdb_size to virtio_scsi_pop_req and virtio_scsi_handle_cmd_req_prepare (Paolo Bonzini) [Orabug: 39414097] {CVE-2026-5763}
- softmmu: Support concurrent bounce buffers (Mattias Nissler) [Orabug: 37509310] {CVE-2024-8612}
- system/physmem: Per-AddressSpace bounce buffering (Mattias Nissler) [Orabug: 37509310] {CVE-2024-8612}
- system/physmem: Propagate AddressSpace to MapClient helpers (Mattias Nissler) [Orabug: 37509310] {CVE-2024-8612}
- hw/pci: Ignore config-space data between 0x804-0x807 (Joao Martins)
- hostmem-memfd: Documentation for memory-backend-memfd "keep" property (William Roche) [Orabug: 38769121]
- hostmem-memfd: Wire up MFD_MF_KEEP_UE_MAPPED via "keep" property (William Roche) [Orabug: 38769121]
-
Mon May 04 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-38.el8
- multifd: Save number of pages for batch context pages (Elena Ufimtseva) [Orabug: 39001115]
- migration: Introduce MigrateCleanupCtx for cleanup thread (Elena Ufimtseva) [Orabug: 39001115]
- migration: Move qemu_mmap_node/qemu_munmap_node (Elena Ufimtseva) [Orabug: 39001115]
- multifd: Allocate a large chunk for pages->cached (Elena Ufimtseva) [Orabug: 39214550]
- migration: Defer multifd and hash cache cleanup (Elena Ufimtseva) [Orabug: 39215178]
- multifd: Split multifd_send_shutdown (Elena Ufimtseva) [Orabug: 39215178]
- migration: Rename background cleanup thread and mutex/cond (Elena Ufimtseva) [Orabug: 39215178]
-
Fri Apr 10 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-37.el8
- hashing: use mmap/munmap for isal functions (Elena Ufimtseva) [Orabug: 39165991]
- multifd: replace allocations/free with mmap/munmap (Elena Ufimtseva) [Orabug: 39165991]
- page_cache: use mmap() based data pool for cache items (Elena Ufimtseva) [Orabug: 39165991]
- page_cache: change cache allocations to mmap (Elena Ufimtseva) [Orabug: 39165991]
- migration: add mmap/munmap wrapper (Elena Ufimtseva) [Orabug: 39165991]
- target/i386/kvm: Use zero if kvm_msr_entry_add() is called by getter (Dongli Zhang) [Orabug: 38965920]
- target/i386/kvm: Use logical counter index for AMD PMU getter (Dongli Zhang) [Orabug: 38965920]
- Document CVEs (Mark Kanda) {CVE-2025-54566} {CVE-2025-54567} {CVE-2025-8860} {CVE-2026-0665} {CVE-2026-3886}
- hw/usb/hcd-ohci: check for MPS=0 to avoid infinite loop (Jenny Guanni Qu) [Orabug: 39160764] {CVE-2026-3890}
- hyperv/syndbg: check length returned by cpu_physical_memory_map() (Paolo Bonzini) [Orabug: 39160749] {CVE-2026-3842}
- block/vmdk: fix OOB read in vmdk_read_extent() (Halil Oktay) [Orabug: 39160776] {CVE-2026-2243}
- cryptodev-builtin: Limit the maximum size (zhenwei pi) [Orabug: 39173335] {CVE-2025-14876}
- hw/virtio/virtio-crypto: verify asym request size (zhenwei pi) [Orabug: 39173335] {CVE-2025-14876}
-
Wed Apr 01 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-36.el8
- migration: Fix missing Error return in .load_setup() handlers (Maciej S. Szmigiero) [Orabug: 39154816]
- migration: Fix missing Error return in .save_setup() handlers (Maciej S. Szmigiero) [Orabug: 39154816]
- migration: qemu_savevm_state_setup(): Fix double PRECOPY_NOTIFY_SETUP call (Maciej S. Szmigiero) [Orabug: 39154816]
- multifd: Fix device state transfer (Maciej S. Szmigiero) [Orabug: 39154816]
- vfio/migration: Send VFIO_MIGRATION event before PRE_COPY_P2P transition (Avihai Horon) [Orabug: 39122260]
- vfio/migration: Adapt to upstream uAPI for VFIO_PRECOPY_INFO_REINIT (Maciej S. Szmigiero) [Orabug: 39121536]
-
Thu Mar 19 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-35.el8
- migration: Disable switchover-ack-legacy by default for Exadata (Maciej S. Szmigiero) [Orabug: 37502472]
- vfio/migration: Check VFIO_PRECOPY_INFO_REINIT during completion (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Implement VFIO_PRECOPY_INFO_REINIT (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Implement new switchover-ack mechanism (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Add Error ** parameter to vfio_migration_init() (Avihai Horon) [Orabug: 37502472]
- vfio/migration: Re-query precopy size before sending VFIO_MIG_FLAG_DEV_INIT_DATA_SENT (Avihai Horon) [Orabug: 37502472]
- migration: Check switchover-ack during switchover phase (Avihai Horon) [Orabug: 37502472]
- migration: Make switchover-ack re-usable (Avihai Horon) [Orabug: 37502472]
- migration: Refactor switchover-ack code (Avihai Horon) [Orabug: 37502472]
- linux-headers: Bring initial bytes re-init uAPI (Avihai Horon) [Orabug: 37502472]
- qemu-img: convert: add cli argument to use IO large buffers for convert (Akash Kulhalli) [Orabug: 37502472]
- hw/core/machine: Limit x-orcl-vm-tsc-khz-post-loadvm to KVM (Mark Kanda) [Orabug: 39095032]
- migration: add extra check for block in cache_fini (Elena Ufimtseva) [Orabug: 38885625]
- migration: do not tear down hash cache in critical path (Elena Ufimtseva) [Orabug: 38885625]
- migration: free cache->blocks in cache_fini() (Elena Ufimtseva) [Orabug: 39061395]
-
Tue Feb 17 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-34.el8
- migration: bugfix - free migration_ops correctly (Elena Ufimtseva) [Orabug: 38977316]
- target/i386/kvm: set VM ioctl KVM_SET_TSC_KHZ post loadvm (Dongli Zhang) [Orabug: 38928409]
- migration: introduce KVM function called post loadvm (Dongli Zhang) [Orabug: 38928409]
- migration: add extra checks in multifd_ram_fill_packet (Elena Ufimtseva) [Orabug: 38949741]
- migration: fix the error path semantic in multifd thread (Elena Ufimtseva) [Orabug: 38949741]
- page_cache: dynamic cache allocation (Elena Ufimtseva) [Orabug: 38854239] [Orabug: 38949741]
- multifd: return errors on packets filling (Elena Ufimtseva) [Orabug: 38854239]
- migration: detect errors on hash initialization (Elena Ufimtseva) [Orabug: 38876780]
- migration: propagate hashing errors (Elena Ufimtseva) [Orabug: 38876780]
- migration/multifd: Handle allocation failures (Elena Ufimtseva) [Orabug: 38876780]
- migration: Add Error** argument to ram_state_init() (Cédric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to .load_setup() handler (Cédric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to .save_setup() handler (Cédric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to qemu_savevm_state_setup() (Cédric Le Goater) [Orabug: 38876780]
- migration: Add Error** argument to vmstate_save() (Cédric Le Goater) [Orabug: 38876780]
- migration: Always report an error in ram_save_setup() (Cédric Le Goater) [Orabug: 38876780]
- qemu-file: Make qemu_fflush() return errors (Juan Quintela) [Orabug: 38876780]
- qemu-file: remove shutdown member (Juan Quintela) [Orabug: 38876780]
- vfio: Always report an error in vfio_save_setup() (Cédric Le Goater) [Orabug: 38876780]
- migration/vmstate: Introduce vmstate_save_state_with_err (Tejus GK) [Orabug: 38876780]
- migration/vfio: Remove x-orcl-device-dirty-page-tracking (Elena Ufimtseva) [Orabug: 38944077]
- target/i386/kvm: write tsc_offset for parked vCPUs too (Dongli Zhang) [Orabug: 38853905]
- accel/kvm:: move KVMParkedVcpu definition to header file (Dongli Zhang) [Orabug: 38853905]
- target/i386/kvm: use vCPU 0 tsc_offset for all vCPUs (Dongli Zhang) [Orabug: 38853905]
- target/i386/kvm: account downtime only with synchronized TSC (Dongli Zhang) [Orabug: 38853905]
- target/i386/kvm: implement reset method for kvmclock (Dongli Zhang) [Orabug: 38853905]
-
Wed Jan 21 2026 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-33.el8
- migration: Change default pages to scan to 8192 for Exadata (Elena Ufimtseva) [Orabug: 38732433]
- meson: check if isa-l installed and enable it (Elena Ufimtseva) [Orabug: 38732433]
- migration/page_cache: Improve isal-crypto-mb-sha256 cache-miss handling (Joao Martins) [Orabug: 38732433]
- migration/page_cache: Add isal_crypto multi-buffer sha256 variant (Joao Martins) [Orabug: 38732433]
- migration/page_cache: Add batching mode support for isa-l_crypto (Joao Martins) [Orabug: 38732433]
- migration: Use algorithm table to initialize hashing (Elena Ufimtseva) [Orabug: 38732433]
- migration: Add existing algorithms to description table (Elena Ufimtseva) [Orabug: 38732433]
- migration: Add a unified description structure for hashing algorithms (Elena Ufimtseva) [Orabug: 38732433]
-
Tue Dec 23 2025 Mark Kanda <mark.kanda@oracle.com> - 7.2.0-32.el8
- spec: Provide aarch64 and mips user static packages (Mark Kanda)
These packages are for Oracle internal use only (not for external customers)
- cpu: Only compile runstate_is_running() for system mode (Mark Kanda)
- linux-user: Do not define struct sched_attr if libc headers do (Khem Raj)
-
Tue Dec 09 2025 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-31.el8
- migration: Fix the cancellation/error path (Elena Ufimtseva) [Orabug: 38739293]
-
Wed Dec 03 2025 Karl Heubaum <karl.heubaum@oracle.com> - 7.2.0-30.el8
- live migration: scan and clear contiguous dirty pages regions of ram (Elena Ufimtseva) [Orabug: 38388170]
- migration: add hash_rate trace point (Elena Ufimtseva) [Orabug: 38388170]
- migration: add parameter to specify max number of contiguous pages (Elena Ufimtseva) [Orabug: 38388170]
- multifd: send more pages then IOV_MAX (Elena Ufimtseva) [Orabug: 38388170]
- io: fix use after free in websocket handshake code (Daniel P. Berrangé) [Orabug: 38687831] {CVE-2025-11234}