diff -Nru qemu-2.11+dfsg/debian/changelog qemu-2.11+dfsg/debian/changelog
--- qemu-2.11+dfsg/debian/changelog	2022-06-10 01:37:25.000000000 +1000
+++ qemu-2.11+dfsg/debian/changelog	2022-11-29 12:47:39.000000000 +1000
@@ -1,3 +1,9 @@
+qemu (1:2.11+dfsg-1ubuntu7.41) bionic; urgency=medium
+
+  * d/p/u/lp1994002-migration-Read-state-once.patch (LP: #1994002)
+
+ -- Brett Milford Tue, 29 Nov 2022 12:47:39 +1000
+
 qemu (1:2.11+dfsg-1ubuntu7.40) bionic-security; urgency=medium
 
   * SECURITY UPDATE: heap overflow in floppy disk emulator
diff -Nru qemu-2.11+dfsg/debian/patches/series qemu-2.11+dfsg/debian/patches/series
--- qemu-2.11+dfsg/debian/patches/series	2022-06-10 01:37:19.000000000 +1000
+++ qemu-2.11+dfsg/debian/patches/series	2022-11-29 12:46:39.000000000 +1000
@@ -241,3 +241,4 @@
 CVE-2021-4207.patch
 CVE-2022-26353.patch
 CVE-2022-26354.patch
+ubuntu/lp1994002-migration-Read-state-once.patch
diff -Nru qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch
--- qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch	1970-01-01 10:00:00.000000000 +1000
+++ qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch	2022-11-29 12:47:32.000000000 +1000
@@ -0,0 +1,57 @@
+Origin: https://github.com/qemu/qemu/commit/552de79bfdd5e9e53847eb3c6d6e4cd898a4370e
+Bug-Ubuntu: https://bugs.launchpad.net/cloud-archive/+bug/1994002
+From 552de79bfdd5e9e53847eb3c6d6e4cd898a4370e Mon Sep 17 00:00:00 2001
+From: "Dr. David Alan Gilbert"
+Date: Wed, 13 Apr 2022 12:33:29 +0100
+Subject: [PATCH] migration: Read state once
+
+The 'status' field for the migration is updated normally using
+an atomic operation from the migration thread.
+Most readers of it aren't that careful, and in most cases it doesn't
+matter.
+
+In query_migrate->fill_source_migration_info the 'state'
+is read twice; the first time to decide which state fields to fill in,
+and then secondly to copy the state to the status field; that can end up
+with a status that's inconsistent; e.g. setting up the fields
+for 'setup' and then having an 'active' status. In that case
+libvirt gets upset by the lack of ram info.
+The symptom is:
+  libvirt.libvirtError: internal error: migration was active, but no RAM info was set
+
+Read the state exactly once in fill_source_migration_info.
+
+This is a possible fix for:
+https://bugzilla.redhat.com/show_bug.cgi?id=2074205
+
+Signed-off-by: Dr. David Alan Gilbert
+Message-Id: <20220413113329.103696-1-dgilbert@redhat.com>
+Reviewed-by: Juan Quintela
+Reviewed-by: Peter Xu
+Signed-off-by: Dr. David Alan Gilbert
+---
+ migration/migration.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -595,8 +595,9 @@ MigrationInfo *qmp_query_migrate(Error *
+ {
+     MigrationInfo *info = g_malloc0(sizeof(*info));
+     MigrationState *s = migrate_get_current();
++    int state = atomic_read(&s->state);
+ 
+-    switch (s->state) {
++    switch (state) {
+     case MIGRATION_STATUS_NONE:
+         /* no migration has happened ever */
+         break;
+@@ -648,7 +649,7 @@ MigrationInfo *qmp_query_migrate(Error *
+         info->has_status = true;
+         break;
+     }
+-    info->status = s->state;
++    info->status = state;
+ 
+     return info;
+ }
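Review bot: The DEP-3 `Origin:` header at the top of the added patch gives the bare upstream commit URL, but the hunks are not the upstream ones: the commit message talks about reading the state once in fill_source_migration_info, while the `@@` context lines here name `qmp_query_migrate`, so the change was adapted to the 2.11 code base. DEP-3 uses the `backport` keyword for an upstream commit that had to be modified to apply, so the header should read `Origin: backport, https://github.com/qemu/qemu/commit/552de79bfdd5e9e53847eb3c6d6e4cd898a4370e` so the next maintainer knows not to expect it to match upstream verbatim. The body of qmp_query_migrate between the two inner hunks (old lines 603–647) is outside this patch, so it is worth confirming that no remaining direct `s->state` read inside the `case` bodies reintroduces the torn-read inconsistency the patch is meant to remove.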