Lucene search

K
osvGoogleOSV:DSA-3349-1
HistorySep 02, 2015 - 12:00 a.m.

qemu-kvm - security update

2015-09-0200:00:00
Google
osv.dev
8

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

  • CVE-2015-5165
    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process’s heap.
  • CVE-2015-5745
    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u9.

We recommend that you upgrade your qemu-kvm packages.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Related for OSV:DSA-3349-1