Security Bulletin: Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary

Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance.

Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016.
For withdrawal announcement information details see the Reference section below.

Vulnerability Details

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

CVEID: CVE-2015-5279**
DESCRIPTION:** Qemu is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could overflow a buffer and execute arbitrary code on the system or cause the Qemu instance to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-4037**
DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by insecure temporary file use in /net/slirp.c. An attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103526 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2015-5239**
DESCRIPTION:** QEMU, built with the VNC display driver, is vulnerable to a denial of service, caused by an integer overflow in the vnc_client_read() and protocol_client_msg() functions. A local authenticated attacker could exploit this vulnerability using a CLIENT_CUT_TEXT message with a specially crafted payload string to trigger an infinite loop within the VNC driver and cause the Qemu process to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106091 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-5278**
DESCRIPTION:** Qemu is vulnerable to a denial of service, caused by an error in the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop and crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-6855**
DESCRIPTION:** Qemu is vulnerable to a denial of service, caused by a divide-by-zero error within an emulator built with IDE disk and CD/DVD-ROM emulation support when executing IDE’s WIN_READ_NATIVE_MAX command. A remote authenticated attacker could exploit this vulnerability to cause the QEMU instance to crash.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106313 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

All releases of IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance

Remediation/Fixes

Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016.

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.

For withdrawal announcement information details see the Reference section below.

Workarounds and Mitigations

None.