Jun 18, 2018 - 1:29 a.m.

Security Bulletin: Vulnerabilities in Qemu affect PowerKVM (Multiple Vulnerabilities)

2018-06-18 01:29:41
www.ibm.com

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Summary

PowerKVM is affected by six vulnerabilities in Qemu. These vulnerabilities are now fixed.

Vulnerability Details

CVEID: CVE-2015-5154
DESCRIPTION: QEMU is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the IDE subsystem while processing ATAPI commands. A local attacker on a guest system with CDROM drive enabled could overflow a buffer and execute arbitrary code on the host system with the privileges of the QEMU process assigned to the guest system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105114 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2015-5158
DESCRIPTION: QEMU, built with the SCSI device emulation support, is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing SCSI command descriptor block with an invalid operation code. A local authenticated attacker could exploit this vulnerability to overflow a buffer and cause the Qemu instance to crash.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105008 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-5225
DESCRIPTION: QEMU is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the vnc_refresh_server_surface() function. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the host system or cause the QEMU process to crash.
CVSS Base Score: 5.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2015-5278
DESCRIPTION: Qemu is vulnerable to a denial of service, caused by an error in the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop and crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-5279
DESCRIPTION: Qemu is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could overflow a buffer and execute arbitrary code on the system or cause the Qemu instance to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-6815
DESCRIPTION: Qemu, built with the e1000 NIC emulation support, is vulnerable to a denial of service, caused by an error when processing transmit descriptor data. By sending a specially crafted network packet, a remote authenticated attacker from within the local network could exploit this vulnerability to trigger an infinite loop and cause the application to crash.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106249 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM 2.1

Remediation/Fixes

The fix is available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 Build 65.1 and all later 2.1.1 SP3 service builds and 2.1.1 fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using "yum update".

Workarounds and Mitigations

None

CPE Name    Operator    Version
powerkvm    eq          2.1
