Jun 18, 2018 - 1:28 a.m.

Security Bulletin: PowerKVM is affected by a Qemu vulnerability (CVE-2015-1779)

www.ibm.com

EPSS: 0.011 (Low), percentile 84.5%

Summary

PowerKVM is vulnerable to Qemu vulnerability CVE-2015-1779.

Vulnerability Details

CVEID: CVE-2015-1779
DESCRIPTION: QEMU is vulnerable to a denial of service, caused by an error when processing incoming frames by the websocket frame decoder. A remote attacker from within the local network with access to a guest's VNC console could exploit this vulnerability to exhaust all available CPU and memory resources.
CVSS Base Score: 5.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101834 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:C)

Affected Products and Versions

PowerKVM 2.1

Remediation/Fixes

The fix is available via Fix Central in Build 46 and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see the README at <http://delivery04.dhe.ibm.com/sar/CMA/OSA/04xig/0/README> for prerequisite fixes and instructions.

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
|----------|----------|---------|
| powerkvm | eq       | 2.1     |