(RHSA-2014:1075) Moderate: qemu-kvm security and bug fix update
Published: 2014-08-19T04:00:00
ID: RHSA-2014:1075
Type: redhat
Reporter: RedHat
Modified: 2018-06-06T20:24:31
Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for QCOW
version 1 disk images. A user able to alter the QEMU disk image files
loaded by a guest could use either of these flaws to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0222, CVE-2014-0223)

Red Hat would like to thank NSA for reporting these issues.

This update also fixes the following bugs:

* In certain scenarios, when performing live incremental migration, the
disk size could be expanded considerably due to the transfer of unallocated
sectors past the end of the base image. With this update, the
bdrv_is_allocated() function has been fixed to no longer return "True" for
unallocated sectors, and the disk size no longer changes after performing
live incremental migration. (BZ#1109715)

* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU to
process I/O requests outside of the vCPU thread, reducing the latency of
submitting requests and improving single task throughput. (BZ#1123271)

* Prior to this update, vendor-specific SCSI commands issued from a KVM
guest did not reach the target device due to QEMU considering such commands
as invalid. This update fixes this bug by properly propagating
vendor-specific SCSI commands to the target device. (BZ#1125131)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
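
The header checks that close the two QCOW version 1 integer overflows (CVE-2014-0222, CVE-2014-0223), as an added example that is not code from the advisory or from QEMU. Function and enum names are hypothetical; the bounds used (cluster and L2 table sizes between 512 bytes and 64k, an L1 entry count whose byte size fits in an int) follow the upstream qcow1 fixes, and the headers in main() are constructed samples.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* QCOW version 1 header: 48 bytes, all integers big-endian on disk. */
#define QCOW_MAGIC       0x514649fbU   /* 'Q' 'F' 'I' 0xfb */
#define QCOW1_HEADER_LEN 48
#define OFF_VERSION      4
#define OFF_SIZE         24            /* virtual disk size in bytes */
#define OFF_CLUSTER_BITS 32
#define OFF_L2_BITS      33            /* log2 of entries per L2 table */

enum qcow1_status {                    /* hypothetical result codes */
    QCOW1_OK = 0, QCOW1_SHORT, QCOW1_BAD_MAGIC, QCOW1_BAD_VERSION,
    QCOW1_BAD_CLUSTER, QCOW1_BAD_L2, QCOW1_TOO_LARGE
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static uint64_t be64(const uint8_t *p)
{
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/* Pre-fix shape of the L1 size computation, kept for comparison only.
 * The 64-bit sum can wrap, and the quotient is then narrowed to 32 bits,
 * as happens when it is stored in an int field. Caller passes shift < 64. */
uint32_t qcow1_l1_size_unchecked(uint64_t size, unsigned shift)
{
    return (uint32_t)((size + (1ULL << shift) - 1) >> shift);
}

/* Validate the fields that drive table allocation before using them. */
enum qcow1_status qcow1_check_header(const uint8_t *buf, size_t len,
                                     uint64_t *l1_entries)
{
    if (len < QCOW1_HEADER_LEN)
        return QCOW1_SHORT;
    if (be32(buf) != QCOW_MAGIC)
        return QCOW1_BAD_MAGIC;
    if (be32(buf + OFF_VERSION) != 1)
        return QCOW1_BAD_VERSION;

    uint64_t size = be64(buf + OFF_SIZE);
    unsigned cluster_bits = buf[OFF_CLUSTER_BITS];
    unsigned l2_bits = buf[OFF_L2_BITS];

    /* Cluster size must be between 512 bytes and 64k. */
    if (cluster_bits < 9 || cluster_bits > 16)
        return QCOW1_BAD_CLUSTER;
    /* Each L2 entry is 8 bytes, so table bytes = entries << 3; the table
     * must also be between 512 bytes and 64k (CVE-2014-0222). */
    if (l2_bits < 9 - 3 || l2_bits > 16 - 3)
        return QCOW1_BAD_L2;

    unsigned shift = cluster_bits + l2_bits;      /* at most 29 here */
    uint64_t span = 1ULL << shift;                /* bytes per L1 entry */

    /* Reject sizes where rounding up would wrap, then sizes whose L1
     * table would not fit the int-sized field (CVE-2014-0223). */
    if (size > UINT64_MAX - span)
        return QCOW1_TOO_LARGE;
    uint64_t n = (size + span - 1) >> shift;
    if (n > INT_MAX / sizeof(uint64_t))
        return QCOW1_TOO_LARGE;

    *l1_entries = n;
    return QCOW1_OK;
}

/* Build a constructed sample header (demo input, not a real image). */
void qcow1_make_header(uint8_t out[QCOW1_HEADER_LEN], uint64_t size,
                       uint8_t cluster_bits, uint8_t l2_bits)
{
    memset(out, 0, QCOW1_HEADER_LEN);
    out[0] = 'Q'; out[1] = 'F'; out[2] = 'I'; out[3] = 0xfb;
    out[OFF_VERSION + 3] = 1;
    for (int i = 0; i < 8; i++)
        out[OFF_SIZE + i] = (uint8_t)(size >> (56 - 8 * i));
    out[OFF_CLUSTER_BITS] = cluster_bits;
    out[OFF_L2_BITS] = l2_bits;
}

int main(void)
{
    static const struct { uint64_t size; uint8_t cb, l2b; } samples[] = {
        { 1ULL << 30, 12, 9 },    /* 1 GiB image, 4k clusters: accepted */
        { 1ULL << 53, 12, 9 },    /* L1 count does not fit: rejected */
        { UINT64_MAX, 12, 9 },    /* round-up would wrap: rejected */
        { 1ULL << 30, 12, 20 },   /* L2 table larger than 64k: rejected */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint8_t hdr[QCOW1_HEADER_LEN];
        uint64_t n = 0;
        qcow1_make_header(hdr, samples[i].size, samples[i].cb, samples[i].l2b);
        enum qcow1_status st = qcow1_check_header(hdr, sizeof hdr, &n);
        printf("sample %zu: status=%d l1_entries=%llu\n",
               i, (int)st, (unsigned long long)n);
    }
    return 0;
}
```

A parser that skips these checks sizes its L1 table from the narrowed value, which is how an oversized image ends up with a table smaller than the indexes later used against it.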
"2014-07-23T00:00:00", "id": "ELSA-2014-0927", "href": "http://linux.oracle.com/errata/ELSA-2014-0927.html", "title": "qemu-kvm security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4536", "CVE-2013-4542", "CVE-2014-0223", "CVE-2014-8106", "CVE-2014-2894", "CVE-2013-4527", "CVE-2013-4535", "CVE-2014-0222", "CVE-2014-3640", "CVE-2013-6399", "CVE-2013-4541", "CVE-2014-0182", "CVE-2013-4149", "CVE-2013-4148", "CVE-2014-7815", "CVE-2014-3461", "CVE-2014-7840", "CVE-2013-4151", "CVE-2014-3615", "CVE-2013-4529", "CVE-2014-5263", "CVE-2013-4150"], "description": "[1.5.3-86.el7]\n- kvm-vfio-pci-Fix-interrupt-disabling.patch [bz#1180942]\n- kvm-cirrus-fix-blit-region-check.patch [bz#1169456]\n- kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1169456]\n- Resolves: bz#1169456\n (CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks [rhel-7.1])\n- Resolves: bz#1180942\n (qemu core dumped when unhotplug gpu card assigned to guest)\n[1.5.3-85.el7]\n- kvm-block-delete-cow-block-driver.patch [bz#1175325]\n- Resolves: bz#1175325\n (Delete cow block driver)\n[1.5.3-84.el7]\n- kvm-qemu-iotests-Test-case-for-backing-file-deletion.patch [bz#1002493]\n- kvm-qemu-iotests-Add-sample-image-and-test-for-VMDK-vers.patch [bz#1134237]\n- kvm-vmdk-Check-VMFS-extent-line-field-number.patch [bz#1134237]\n- kvm-qemu-iotests-Introduce-_unsupported_imgopts.patch [bz#1002493]\n- kvm-qemu-iotests-Add-_unsupported_imgopts-for-vmdk-subfo.patch [bz#1002493]\n- kvm-vmdk-Fix-big-flat-extent-IO.patch [bz#1134241]\n- kvm-vmdk-Check-for-overhead-when-opening.patch [bz#1134251]\n- kvm-block-vmdk-add-basic-.bdrv_check-support.patch [bz#1134251]\n- kvm-qemu-iotest-Make-077-raw-only.patch [bz#1134237]\n- kvm-qemu-iotests-Don-t-run-005-on-vmdk-split-formats.patch [bz#1002493]\n- kvm-vmdk-extract-vmdk_read_desc.patch [bz#1134251]\n- 
kvm-vmdk-push-vmdk_read_desc-up-to-caller.patch [bz#1134251]\n- kvm-vmdk-do-not-try-opening-a-file-as-both-image-and-des.patch [bz#1134251]\n- kvm-vmdk-correctly-propagate-errors.patch [bz#1134251]\n- kvm-block-vmdk-do-not-report-file-offset-for-compressed-.patch [bz#1134251]\n- kvm-vmdk-Fix-d-and-lld-to-PRI-in-format-strings.patch [bz#1134251]\n- kvm-vmdk-Fix-x-to-PRIx32-in-format-strings-for-cid.patch [bz#1134251]\n- kvm-qemu-img-Convert-by-cluster-size-if-target-is-compre.patch [bz#1134283]\n- kvm-vmdk-Implement-.bdrv_write_compressed.patch [bz#1134283]\n- kvm-vmdk-Implement-.bdrv_get_info.patch [bz#1134283]\n- kvm-qemu-iotests-Test-converting-to-streamOptimized-from.patch [bz#1134283]\n- kvm-vmdk-Fix-local_err-in-vmdk_create.patch [bz#1134283]\n- kvm-fpu-softfloat-drop-INLINE-macro.patch [bz#1002493]\n- kvm-block-New-bdrv_nb_sectors.patch [bz#1002493]\n- kvm-vmdk-Optimize-cluster-allocation.patch [bz#1002493]\n- kvm-vmdk-Handle-failure-for-potentially-large-allocation.patch [bz#1002493]\n- kvm-vmdk-Use-bdrv_nb_sectors-where-sectors-not-bytes-are.patch [bz#1002493]\n- kvm-vmdk-fix-vmdk_parse_extents-extent_file-leaks.patch [bz#1002493]\n- kvm-vmdk-fix-buf-leak-in-vmdk_parse_extents.patch [bz#1002493]\n- kvm-vmdk-Fix-integer-overflow-in-offset-calculation.patch [bz#1002493]\n- kvm-migration-fix-parameter-validation-on-ram-load-CVE-2.patch [bz#1163078]\n- Resolves: bz#1002493\n (qemu-img convert rate about 100k/second from qcow2/raw to vmdk format on nfs system file)\n- Resolves: bz#1134237\n (Opening malformed VMDK description file should fail)\n- Resolves: bz#1134241\n (QEMU fails to correctly read/write on VMDK with big flat extent)\n- Resolves: bz#1134251\n (Opening an obviously truncated VMDK image should fail)\n- Resolves: bz#1134283\n (qemu-img convert from ISO to streamOptimized fails)\n- Resolves: bz#1163078\n (CVE-2014-7840 qemu-kvm: qemu: insufficient parameter validation during ram load [rhel-7.1])\n[1.5.3-83.el7]\n- 
kvm-xhci-add-sanity-checks-to-xhci_lookup_uport.patch [bz#1074219]\n- kvm-Revert-Build-ceph-rbd-only-for-rhev.patch [bz#1140742]\n- kvm-Revert-rbd-Only-look-for-qemu-specific-copy-of-librb.patch [bz#1140742]\n- kvm-Revert-rbd-link-and-load-librbd-dynamically.patch [bz#1140742]\n- kvm-spec-Enable-rbd-driver-add-dependency.patch [bz#1140742]\n- Resolves: bz#1074219\n (qemu core dump when install a RHEL.7 guest(xhci) with migration)\n- Resolves: bz#1140742\n (Enable native support for Ceph)\n[1.5.3-82.el7]\n- kvm-hw-pci-fixed-error-flow-in-pci_qdev_init.patch [bz#1046007]\n- kvm-hw-pci-fixed-hotplug-crash-when-using-rombar-0-with-.patch [bz#1046007]\n- Resolves: bz#1046007\n (qemu-kvm aborted when hot plug PCI device to guest with romfile and rombar=0)\n[1.5.3-81.el7]\n- kvm-migration-static-variables-will-not-be-reset-at-seco.patch [bz#1071776]\n- kvm-vfio-pci-Add-debug-config-options-to-disable-MSI-X-K.patch [bz#1098976]\n- kvm-vfio-correct-debug-macro-typo.patch [bz#1098976]\n- kvm-vfio-pci-Fix-MSI-X-debug-code.patch [bz#1098976]\n- kvm-vfio-pci-Fix-MSI-X-masking-performance.patch [bz#1098976]\n- kvm-vfio-Fix-MSI-X-vector-expansion.patch [bz#1098976]\n- kvm-vfio-Don-t-cache-MSIMessage.patch [bz#1098976]\n- Resolves: bz#1071776\n (Migration 'expected downtime' does not refresh after reset to a new value)\n- Resolves: bz#1098976\n (2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)\n[1.5.3-80.el7]\n- kvm-dump-RHEL-specific-fix-for-CPUState-bug-introduced-b.patch [bz#1161563]\n- kvm-dump-guest-memory-Check-for-the-correct-return-value.patch [bz#1157798]\n- kvm-dump-const-qualify-the-buf-of-WriteCoreDumpFunction.patch [bz#1157798]\n- kvm-dump-add-argument-to-write_elfxx_notes.patch [bz#1157798]\n- kvm-dump-add-API-to-write-header-of-flatten-format.patch [bz#1157798]\n- kvm-dump-add-API-to-write-vmcore.patch [bz#1157798]\n- kvm-dump-add-API-to-write-elf-notes-to-buffer.patch [bz#1157798]\n- kvm-dump-add-support-for-lzo-snappy.patch [bz#1157798]\n- 
kvm-RPM-spec-build-qemu-kvm-with-lzo-and-snappy-enabled-.patch [bz#1157798]\n- kvm-dump-add-members-to-DumpState-and-init-some-of-them.patch [bz#1157798]\n- kvm-dump-add-API-to-write-dump-header.patch [bz#1157798]\n- kvm-dump-add-API-to-write-dump_bitmap.patch [bz#1157798]\n- kvm-dump-add-APIs-to-operate-DataCache.patch [bz#1157798]\n- kvm-dump-add-API-to-write-dump-pages.patch [bz#1157798]\n- kvm-dump-Drop-qmp_dump_guest_memory-stub-and-build-for-a.patch [bz#1157798]\n- kvm-dump-make-kdump-compressed-format-available-for-dump.patch [bz#1157798]\n- kvm-Define-the-architecture-for-compressed-dump-format.patch [bz#1157798]\n- kvm-dump-add-query-dump-guest-memory-capability-command.patch [bz#1157798]\n- kvm-dump-Drop-pointless-error_is_set-DumpState-member-er.patch [bz#1157798]\n- kvm-dump-fill-in-the-flat-header-signature-more-pleasing.patch [bz#1157798]\n- kvm-dump-simplify-write_start_flat_header.patch [bz#1157798]\n- kvm-dump-eliminate-DumpState.page_shift-guest-s-page-shi.patch [bz#1157798]\n- kvm-dump-eliminate-DumpState.page_size-guest-s-page-size.patch [bz#1157798]\n- kvm-dump-select-header-bitness-based-on-ELF-class-not-EL.patch [bz#1157798]\n- kvm-dump-hoist-lzo_init-from-get_len_buf_out-to-dump_ini.patch [bz#1157798]\n- kvm-dump-simplify-get_len_buf_out.patch [bz#1157798]\n- kvm-rename-parse_enum_option-to-qapi_enum_parse-and-make.patch [bz#1087724]\n- kvm-qapi-introduce-PreallocMode-and-new-PreallocModes-fu.patch [bz#1087724]\n- kvm-raw-posix-Add-falloc-and-full-preallocation-option.patch [bz#1087724]\n- kvm-qcow2-Add-falloc-and-full-preallocation-option.patch [bz#1087724]\n- kvm-vga-fix-invalid-read-after-free.patch [bz#1161890]\n- kvm-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch [bz#1140618]\n- kvm-vnc-sanitize-bits_per_pixel-from-the-client.patch [bz#1157645]\n- kvm-spice-call-qemu_spice_set_passwd-during-init.patch [bz#1138639]\n- kvm-block-raw-posix-Try-both-FIEMAP-and-SEEK_HOLE.patch [bz#1160237]\n- 
kvm-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch [bz#1160237]\n- kvm-block-raw-posix-use-seek_hole-ahead-of-fiemap.patch [bz#1160237]\n- kvm-raw-posix-Fix-raw_co_get_block_status-after-EOF.patch [bz#1160237]\n- kvm-raw-posix-raw_co_get_block_status-return-value.patch [bz#1160237]\n- kvm-raw-posix-SEEK_HOLE-suffices-get-rid-of-FIEMAP.patch [bz#1160237]\n- kvm-raw-posix-The-SEEK_HOLE-code-is-flawed-rewrite-it.patch [bz#1160237]\n- Resolves: bz#1087724\n ([Fujitsu 7.1 FEAT]: qemu-img should use fallocate() system call for 'preallocation=full' option)\n- Resolves: bz#1138639\n (fail to login spice session with password + expire time)\n- Resolves: bz#1140618\n (Should replace 'qemu-system-i386' by '/usr/libexec/qemu-kvm' in manpage of qemu-kvm for our official qemu-kvm build)\n- Resolves: bz#1157645\n (CVE-2014-7815 qemu-kvm: qemu: vnc: insufficient bits_per_pixel from the client sanitization [rhel-7.1])\n- Resolves: bz#1157798\n ([FEAT RHEL7.1]: qemu: Support compression for dump-guest-memory command)\n- Resolves: bz#1160237\n (qemu-img convert intermittently corrupts output images)\n- Resolves: bz#1161563\n (invalid QEMU NOTEs in vmcore that is dumped for multi-VCPU guests)\n- Resolves: bz#1161890\n ([abrt] qemu-kvm: pixman_image_get_data(): qemu-kvm killed by SIGSEGV)\n[1.5.3-79.el7]\n- kvm-libcacard-link-against-qemu-error.o-for-error_report.patch [bz#1088176]\n- kvm-error-Add-error_abort.patch [bz#1088176]\n- kvm-blockdev-Fail-blockdev-add-with-encrypted-images.patch [bz#1088176]\n- kvm-blockdev-Fix-NULL-pointer-dereference-in-blockdev-ad.patch [bz#1088176]\n- kvm-qemu-iotests-Test-a-few-blockdev-add-error-cases.patch [bz#1088176]\n- kvm-block-Add-errp-to-bdrv_new.patch [bz#1088176]\n- kvm-qemu-img-Avoid-duplicate-block-device-IDs.patch [bz#1088176]\n- kvm-block-Catch-duplicate-IDs-in-bdrv_new.patch [bz#1088176]\n- kvm-qemu-img-Allow-source-cache-mode-specification.patch [bz#1138691]\n- kvm-qemu-img-Allow-cache-mode-specification-for-amend.patch 
[bz#1138691]\n- kvm-qemu-img-clarify-src_cache-option-documentation.patch [bz#1138691]\n- kvm-qemu-img-fix-rebase-src_cache-option-documentation.patch [bz#1138691]\n- kvm-qemu-img-fix-img_compare-flags-error-path.patch [bz#1138691]\n- kvm-ac97-register-reset-via-qom.patch [bz#1141667]\n- kvm-virtio-blk-Factor-common-checks-out-of-virtio_blk_ha.patch [bz#1085232]\n- kvm-virtio-blk-Bypass-error-action-and-I-O-accounting-on.patch [bz#1085232]\n- kvm-virtio-blk-Treat-read-write-beyond-end-as-invalid.patch [bz#1085232]\n- kvm-ide-Treat-read-write-beyond-end-as-invalid.patch [bz#1085232]\n- kvm-ide-only-constrain-read-write-requests-to-drive-size.patch [bz#1085232]\n- Resolves: bz#1085232\n (Ilegal guest requests on block devices pause the VM)\n- Resolves: bz#1088176\n (QEMU fail to check whether duplicate ID for block device drive using 'blockdev-add' to hotplug)\n- Resolves: bz#1138691\n (Allow qemu-img to bypass the host cache (check, compare, convert, rebase, amend))\n- Resolves: bz#1141667\n (Qemu crashed if reboot guest after hot remove AC97 sound device)\n[1.5.3-78.el7]\n- kvm-slirp-udp-fix-NULL-pointer-dereference-because-of-un.patch [bz#1144820]\n- kvm-hw-pci-fix-error-flow-in-pci-multifunction-init.patch [bz#1049734]\n- kvm-rhel-Drop-machine-type-pc-q35-rhel7.0.0.patch [bz#1111107]\n- kvm-virtio-scsi-Plug-memory-leak-on-virtio_scsi_push_eve.patch [bz#1088822]\n- kvm-virtio-scsi-Report-error-if-num_queues-is-0-or-too-l.patch [bz#1089606]\n- kvm-virtio-scsi-Fix-memory-leak-when-realize-failed.patch [bz#1089606]\n- kvm-virtio-scsi-Fix-num_queue-input-validation.patch [bz#1089606]\n- kvm-Revert-linux-aio-use-event-notifiers.patch [bz#1104748]\n- kvm-specfile-Require-glusterfs-api-3.6.patch [bz#1155518]\n- Resolves: bz#1049734\n (PCI: QEMU crash on illegal operation: attaching a function to a non multi-function device)\n- Resolves: bz#1088822\n (hot-plug a virtio-scsi disk via 'blockdev-add' always cause QEMU quit)\n- Resolves: bz#1089606\n (QEMU will not reject 
invalid number of queues (num_queues = 0) specified for virtio-scsi)\n- Resolves: bz#1104748\n (48% reduction in IO performance for KVM guest, io=native)\n- Resolves: bz#1111107\n (Remove Q35 machine type from qemu-kvm)\n- Resolves: bz#1144820\n (CVE-2014-3640 qemu-kvm: qemu: slirp: NULL pointer deref in sosendto() [rhel-7.1])\n- Resolves: bz#1155518\n (qemu-kvm: undefined symbol: glfs_discard_async)\n[1.5.3-77.el7]\n- kvm-seccomp-add-semctl-to-the-syscall-whitelist.patch [bz#1026314]\n- kvm-Revert-kvmclock-Ensure-proper-env-tsc-value-for-kvmc.patch [bz#1098602 bz#1130428]\n- kvm-Revert-kvmclock-Ensure-time-in-migration-never-goes-.patch [bz#1098602 bz#1130428]\n- kvm-Introduce-cpu_clean_all_dirty.patch [bz#1098602 bz#1130428]\n- kvm-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock.v2.patch [bz#1098602 bz#1130428]\n- kvm-kvmclock-Ensure-time-in-migration-never-goes-back.v2.patch [bz#1098602 bz#1130428]\n- Resolves: bz#1026314\n (BUG: qemu-kvm hang when use '-sandbox on'+'vnc'+'hda')\n- Resolves: bz#1098602\n (kvmclock: Ensure time in migration never goes backward (backport))\n- Resolves: bz#1130428\n (After migration of RHEL7.1 guest with '-vga qxl', GUI console is hang)\n[1.5.3-76.el7]\n- kvm-usb-hcd-xhci-QOM-Upcast-Sweep.patch [bz#980747]\n- kvm-usb-hcd-xhci-QOM-parent-field-cleanup.patch [bz#980747]\n- kvm-uhci-egsm-fix.patch [bz#1046873]\n- kvm-usb-redir-fix-use-after-free.patch [bz#1046574 bz#1088116]\n- kvm-xhci-remove-leftover-debug-printf.patch [bz#980833]\n- kvm-xhci-add-tracepoint-for-endpoint-state-changes.patch [bz#980833]\n- kvm-xhci-add-port-to-slot_address-tracepoint.patch [bz#980833]\n- kvm-usb-parallelize-usb3-streams.patch [bz#1075846]\n- kvm-xhci-Init-a-transfers-xhci-slotid-and-epid-member-on.patch [bz#1075846]\n- kvm-xhci-Add-xhci_epid_to_usbep-helper-function.patch [bz#980833]\n- kvm-xhci-Fix-memory-leak-on-xhci_disable_ep.patch [bz#980833]\n- kvm-usb-Also-reset-max_packet_size-on-ep_reset.patch [bz#1075846]\n- 
kvm-usb-Fix-iovec-memleak-on-combined-packet-free.patch [bz#1075846]\n- kvm-usb-hcd-xhci-Remove-unused-sstreamsm-member-from-XHC.patch [bz#980747]\n- kvm-usb-hcd-xhci-Remove-unused-cancelled-member-from-XHC.patch [bz#980747]\n- kvm-usb-hcd-xhci-Report-completion-of-active-transfer-wi.patch [bz#980747]\n- kvm-usb-hcd-xhci-Update-endpoint-context-dequeue-pointer.patch [bz#980747]\n- kvm-xhci-Add-a-few-missing-checks-for-disconnected-devic.patch [bz#980833]\n- kvm-usb-Add-max_streams-attribute-to-endpoint-info.patch [bz#1111450]\n- kvm-usb-Add-usb_device_alloc-free_streams.patch [bz#1111450]\n- kvm-xhci-Call-usb_device_alloc-free_streams.patch [bz#980833]\n- kvm-uhci-invalidate-queue-on-device-address-changes.patch [bz#1111450]\n- kvm-xhci-iso-fix-time-calculation.patch [bz#949385]\n- kvm-xhci-iso-allow-for-some-latency.patch [bz#949385]\n- kvm-xhci-switch-debug-printf-to-tracepoint.patch [bz#980747]\n- kvm-xhci-use-DPRINTF-instead-of-fprintf-stderr.patch [bz#980833]\n- kvm-xhci-child-detach-fix.patch [bz#980833]\n- kvm-usb-add-usb_pick_speed.patch [bz#1075846]\n- kvm-xhci-make-port-reset-trace-point-more-verbose.patch [bz#980833]\n- kvm-usb-initialize-libusb_device-to-avoid-crash.patch [bz#1111450]\n- kvm-target-i386-get-CPL-from-SS.DPL.patch [bz#1097363]\n- kvm-trace-use-unique-Red-Hat-version-number-in-simpletra.patch [bz#1088112]\n- kvm-trace-add-pid-field-to-simpletrace-record.patch [bz#1088112]\n- kvm-simpletrace-add-support-for-trace-record-pid-field.patch [bz#1088112]\n- kvm-simpletrace-add-simpletrace.py-no-header-option.patch [bz#1088112]\n- kvm-trace-extract-stap_escape-function-for-reuse.patch [bz#1088112]\n- kvm-trace-add-tracetool-simpletrace_stap-format.patch [bz#1088112]\n- kvm-trace-install-simpletrace-SystemTap-tapset.patch [bz#1088112]\n- kvm-trace-install-trace-events-file.patch [bz#1088112]\n- kvm-trace-add-SystemTap-init-scripts-for-simpletrace-bri.patch [bz#1088112]\n- kvm-simpletrace-install-simpletrace.py.patch [bz#1088112]\n- 
kvm-trace-add-systemtap-initscript-README-file-to-RPM.patch [bz#1088112]\n- kvm-rdma-Fix-block-during-rdma-migration.patch [bz#1152969]\n- Resolves: bz#1046574\n (fail to passthrough the USB speaker redirected from usb-redir with xhci controller)\n- Resolves: bz#1046873\n (fail to be recognized the hotpluging usb-storage device with xhci controller in win2012R2 guest)\n- Resolves: bz#1075846\n (qemu-kvm core dumped when hotplug/unhotplug USB3.0 device multi times)\n- Resolves: bz#1088112\n ([Fujitsu 7.1 FEAT]:QEMU: capturing trace data all the time using ftrace-based tracing)\n- Resolves: bz#1088116\n (qemu crash when device_del usb-redir)\n- Resolves: bz#1097363\n (qemu ' KVM internal error. Suberror: 1' when query cpu frequently during pxe boot in Intel 'Q95xx' host)\n- Resolves: bz#1111450\n (Guest crash when hotplug usb while disable virt_use_usb)\n- Resolves: bz#1152969\n (Qemu-kvm got stuck when migrate to wrong RDMA ip)\n- Resolves: bz#949385\n (passthrough USB speaker to win2012 guest fail to work well)\n- Resolves: bz#980747\n (flood with 'xhci: wrote doorbell while xHC stopped or paused' when redirected USB Webcam from usb-host with xHCI controller)\n- Resolves: bz#980833\n (xhci: FIXME: endpoint stopped w/ xfers running, data might be lost)\n[1.5.3-75.el7]\n- kvm-target-i386-Broadwell-CPU-model.patch [bz#1116117]\n- kvm-pc-Add-Broadwell-CPUID-compatibility-bits.patch [bz#1116117]\n- kvm-virtio-balloon-fix-integer-overflow-in-memory-stats-.patch [bz#1142290]\n- Resolves: bz#1116117\n ([Intel 7.1 FEAT] Broadwell new instructions support for KVM - qemu-kvm)\n- Resolves: bz#1142290\n (guest is stuck when setting balloon memory with large guest-stats-polling-interval)\n[1.5.3-74.el7]\n- kvm-ide-Add-wwn-support-to-IDE-ATAPI-drive.patch [bz#1131316]\n- kvm-vmdk-Allow-vmdk_create-to-work-with-protocol.patch [bz#1098086]\n- kvm-block-make-vdi-bounds-check-match-upstream.patch [bz#1098086]\n- kvm-vdi-say-why-an-image-is-bad.patch [bz#1098086]\n- 
kvm-block-do-not-abuse-EMEDIUMTYPE.patch [bz#1098086]\n- kvm-cow-correctly-propagate-errors.patch [bz#1098086]\n- kvm-block-Use-correct-width-in-format-strings.patch [bz#1098086]\n- kvm-vdi-remove-double-conversion.patch [bz#1098086]\n- kvm-block-vdi-Error-out-immediately-in-vdi_create.patch [bz#1098086]\n- kvm-vpc-Implement-.bdrv_has_zero_init.patch [bz#1098086]\n- kvm-block-vpc-use-QEMU_PACKED-for-on-disk-structures.patch [bz#1098086]\n- kvm-block-allow-bdrv_unref-to-be-passed-NULL-pointers.patch [bz#1098086]\n- kvm-block-vdi-use-block-layer-ops-in-vdi_create-instead-.patch [bz#1098086]\n- kvm-block-use-the-standard-ret-instead-of-result.patch [bz#1098086]\n- kvm-block-vpc-use-block-layer-ops-in-vpc_create-instead-.patch [bz#1098086]\n- kvm-block-iotest-update-084-to-test-static-VDI-image-cre.patch [bz#1098086]\n- kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925]\n- kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925]\n- kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925]\n- kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925]\n- Resolves: bz#1098086\n (RFE: Supporting creating vmdk/vdi/vpc format disk with protocols (glusterfs))\n- Resolves: bz#1122925\n (Maintain relative path to backing file image during live merge (block-commit))\n- Resolves: bz#1131316\n (fail to specify wwn for virtual IDE CD-ROM)\n[1.5.3-73.el7]\n- kvm-scsi-disk-fix-bug-in-scsi_block_new_request-introduc.patch [bz#1105880]\n- Resolves: bz#1105880\n (bug in scsi_block_new_request() function introduced by upstream commit 137745c5c60f083ec982fe9e861e8c16ebca1ba8)\n[1.5.3-72.el7]\n- kvm-vbe-make-bochs-dispi-interface-return-the-correct-me.patch [bz#1139118]\n- kvm-vbe-rework-sanity-checks.patch [bz#1139118]\n- kvm-spice-display-add-display-channel-id-to-the-debug-me.patch [bz#1139118]\n- kvm-spice-make-sure-we-don-t-overflow-ssd-buf.patch [bz#1139118]\n- Resolves: bz#1139118\n (CVE-2014-3615 qemu-kvm: 
Qemu: crash when guest sets high resolution [rhel-7.1])\n[1.5.3-71.el7]\n- kvm-spice-move-qemu_spice_display_-from-spice-graphics-t.patch [bz#1054077]\n- kvm-spice-move-spice_server_vm_-start-stop-calls-into-qe.patch [bz#1054077]\n- kvm-spice-stop-server-for-qxl-hard-reset.patch [bz#1054077]\n- kvm-qemu-Adjust-qemu-wakeup.patch [bz#1064156]\n- kvm-vmstate_xhci_event-fix-unterminated-field-list.patch [bz#1122147]\n- kvm-vmstate_xhci_event-bug-compat-with-RHEL-7.0-RHEL-onl.patch [bz#1122147]\n- kvm-pflash_cfi01-write-flash-contents-to-bdrv-on-incomin.patch [bz#1139702]\n- kvm-ide-test-Add-enum-value-for-DEV.patch [bz#1123372]\n- kvm-ide-test-Add-FLUSH-CACHE-test-case.patch [bz#1123372]\n- kvm-ide-Fix-segfault-when-flushing-a-device-that-doesn-t.patch [bz#1123372]\n- kvm-IDE-Fill-the-IDENTIFY-request-consistently.patch [bz#852348]\n- kvm-ide-Add-resize-callback-to-ide-core.patch [bz#852348]\n- Resolves: bz#1054077\n (qemu crash when reboot win7 guest with spice display)\n- Resolves: bz#1064156\n ([qxl] The guest show black screen while resumed guest which managedsaved in pmsuspended status.)\n- Resolves: bz#1122147\n (CVE-2014-5263 vmstate_xhci_event: fix unterminated field list)\n- Resolves: bz#1123372\n (qemu-kvm crashed when doing iofuzz testing)\n- Resolves: bz#1139702\n (pflash (UEFI varstore) migration shortcut for libvirt [RHEL])\n- Resolves: bz#852348\n (fail to block_resize local data disk with IDE/AHCI disk_interface)\n[1.5.3-70.el7]\n- kvm-Enforce-stack-protector-usage.patch [bz#1064260]\n- kvm-pc-increase-maximal-VCPU-count-to-240.patch [bz#1134408]\n- kvm-gluster-Add-discard-support-for-GlusterFS-block-driv.patch [bz#1136534]\n- kvm-gluster-default-scheme-to-gluster-and-host-to-localh.patch [bz#1088150]\n- kvm-qdev-properties-system.c-Allow-vlan-or-netdev-for-de.patch [bz#996011]\n- kvm-vl-process-object-after-other-backend-options.patch [bz#1128095]\n- Resolves: bz#1064260\n (Handle properly --enable-fstack-protector option)\n- Resolves: bz#1088150\n 
(qemu-img coredumpd when try to create a gluster format image)\n- Resolves: bz#1128095\n (chardev 'chr0' isn't initialized when we try to open rng backend)\n- Resolves: bz#1134408\n ([HP 7.1 FEAT] Increase qemu-kvm's VCPU limit to 240)\n- Resolves: bz#1136534\n (glusterfs backend does not support discard)\n- Resolves: bz#996011\n (vlan and queues options cause core dumped when qemu-kvm process quit(or ctrl+c))\n[1.5.3-69.el7]\n- kvm-rdma-bug-fixes.patch [bz#1107821]\n- kvm-virtio-serial-report-frontend-connection-state-via-m.patch [bz#1122151]\n- kvm-char-report-frontend-open-closed-state-in-query-char.patch [bz#1122151]\n- kvm-acpi-fix-tables-for-no-hpet-configuration.patch [bz#1129552]\n- kvm-mirror-Fix-resource-leak-when-bdrv_getlength-fails.patch [bz#1130603]\n- kvm-blockjob-Add-block_job_yield.patch [bz#1130603]\n- kvm-mirror-Go-through-ready-complete-process-for-0-len-i.patch [bz#1130603]\n- kvm-qemu-iotests-Test-BLOCK_JOB_READY-event-for-0Kb-imag.patch [bz#1130603]\n- kvm-block-make-top-argument-to-block-commit-optional.patch [bz#1130603]\n- kvm-qemu-iotests-Test-0-length-image-for-mirror.patch [bz#1130603]\n- kvm-mirror-Fix-qiov-size-for-short-requests.patch [bz#1130603]\n- Resolves: bz#1107821\n (rdma migration: seg if destination isn't listening)\n- Resolves: bz#1122151\n (Pass close from qemu-ga)\n- Resolves: bz#1129552\n (backport 'acpi: fix tables for no-hpet configuration')\n- Resolves: bz#1130603\n (advertise active commit to libvirt)\n[1.5.3-68.el7]\n- kvm-virtio-net-Do-not-filter-VLANs-without-F_CTRL_VLAN.patch [bz#1065724]\n- kvm-virtio-net-add-vlan-receive-state-to-RxFilterInfo.patch [bz#1065724]\n- kvm-virtio-rng-check-return-value-of-virtio_load.patch [bz#1116941]\n- kvm-qapi-treat-all-negative-return-of-strtosz_suffix-as-.patch [bz#1074403]\n- Resolves: bz#1065724\n (rx filter incorrect when guest disables VLAN filtering)\n- Resolves: bz#1074403\n (qemu-kvm can not give any warning hint when set sndbuf with negative value)\n- Resolves: 
bz#1116941\n (Return value of virtio_load not checked in virtio_rng_load)\n[1.5.3-67.el7]\n- kvm-vl.c-Output-error-on-invalid-machine-type.patch [bz#990724]\n- kvm-migration-dump-vmstate-info-as-a-json-file-for-stati.patch [bz#1118707]\n- kvm-vmstate-static-checker-script-to-validate-vmstate-ch.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-dump1-and-dump2-fil.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-incompat-machine-types.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-version-error-in-ma.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-version-mismatch-inside.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-minimum_version_id-chec.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-a-section.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-a-field.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-last-field-in-a-.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-change-description-name.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Fields.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Description.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Description-insi.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-a-subsection.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Subsections.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-substructure-for-us.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-size-mismatch-insid.patch [bz#1118707]\n- kvm-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch [bz#1116728]\n- kvm-block-Improve-driver-whitelist-checks.patch [bz#999789]\n- kvm-vmdk-Fix-format-specific-information-create-type-for.patch [bz#1029271]\n- kvm-virtio-pci-Report-an-error-when-msix-vectors-init-fa.patch [bz#1095645]\n- kvm-scsi-Report-error-when-lun-number-is-in-use.patch [bz#1096576]\n- kvm-util-Split-out-exec_dir-from-os_find_datadir.patch [bz#1017685]\n- 
kvm-rules.mak-fix-obj-to-a-real-relative-path.patch [bz#1017685]\n- kvm-rules.mak-allow-per-object-cflags-and-libs.patch [bz#1017685]\n- kvm-block-use-per-object-cflags-and-libs.patch [bz#1017685]\n- kvm-vmdk-Fix-creating-big-description-file.patch [bz#1039791]\n- Resolves: bz#1017685\n (Gluster etc. should not be a dependency of vscclient and libcacard)\n- Resolves: bz#1029271\n (Format specific information (create type) was wrong when create it specified subformat='streamOptimized')\n- Resolves: bz#1039791\n (qemu-img creates truncated VMDK image with subformat=twoGbMaxExtentFlat)\n- Resolves: bz#1095645\n (vectors of virtio-scsi-pci will be 0 when set vectors>=129)\n- Resolves: bz#1096576\n (QEMU core dumped when boot up two scsi-hd disk on the same virtio-scsi-pci controller in Intel host)\n- Resolves: bz#1116728\n (Backport qemu_bh_schedule() race condition fix)\n- Resolves: bz#1118707\n (VMstate static checker: backport -dump-vmstate feature to export json-encoded vmstate info)\n- Resolves: bz#990724\n (qemu-kvm failing when invalid machine type is provided)\n- Resolves: bz#999789\n (qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk)\n[1.5.3-66.el7]\n- kvm-xhci-fix-overflow-in-usb_xhci_post_load.patch [bz#1074219]\n- kvm-migration-qmp_migrate-keep-working-after-syntax-erro.patch [bz#1086598]\n- kvm-seccomp-add-shmctl-mlock-and-munlock-to-the-syscall-.patch [bz#1026314]\n- kvm-exit-when-no-kvm-and-vcpu-count-160.patch [bz#1076326]\n- kvm-Disallow-outward-migration-while-awaiting-incoming-m.patch [bz#1086987]\n- kvm-block-Ignore-duplicate-or-NULL-format_name-in-bdrv_i.patch [bz#1088695 bz#1093983]\n- kvm-block-vhdx-account-for-identical-header-sections.patch [bz#1097020]\n- kvm-aio-Fix-use-after-free-in-cancellation-path.patch [bz#1095877]\n- kvm-scsi-disk-Improve-error-messager-if-can-t-get-versio.patch [bz#1021788]\n- kvm-scsi-Improve-error-messages-more.patch [bz#1021788]\n- 
kvm-memory-Don-t-call-memory_region_update_coalesced_ran.patch [bz#1096645]\n- kvm-kvmclock-Ensure-time-in-migration-never-goes-backwar.patch [bz#1098602]\n- kvm-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock_cu.patch [bz#1098602]\n- Resolves: bz#1021788\n (the error message 'scsi generic interface too old' is wrong more often than not)\n- Resolves: bz#1026314\n (qemu-kvm hang when use '-sandbox on'+'vnc'+'hda')\n- Resolves: bz#1074219\n (qemu core dump when install a RHEL.7 guest(xhci) with migration)\n- Resolves: bz#1076326\n (qemu-kvm does not quit when booting guest w/ 161 vcpus and '-no-kvm')\n- Resolves: bz#1086598\n (migrate_cancel wont take effect on previouly wrong migrate -d cmd)\n- Resolves: bz#1086987\n (src qemu crashed when starting migration in inmigrate mode)\n- Resolves: bz#1088695\n (there are four 'gluster' in qemu-img supported format list)\n- Resolves: bz#1093983\n (there are three 'nbd' in qemu-img supported format list)\n- Resolves: bz#1095877\n (segmentation fault in qemu-kvm due to use-after-free of a SCSIGenericReq (host device pass-through))\n- Resolves: bz#1096645\n ([FJ7.0 Bug] RHEL7.0 guest attaching 150 or more virtio-blk disks fails to start up)\n- Resolves: bz#1097020\n ([RFE] qemu-img: Add/improve Disk2VHD tools creating VHDX images)\n- Resolves: bz#1098602\n (kvmclock: Ensure time in migration never goes backward (backport))\n[1.5.3-65.el7]\n- kvm-Allow-mismatched-virtio-config-len.patch [bz#1113009]\n- Resolves: bz#1113009\n (Migration failed with virtio-blk from RHEL6.5.0 host to RHEL7.0 host)\n[1.5.3-64.el7]\n- kvm-zero-initialize-KVM_SET_GSI_ROUTING-input.patch [bz#1098976]\n- kvm-skip-system-call-when-msi-route-is-unchanged.patch [bz#1098976]\n- Resolves: bz#1098976\n (2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)\n[1.5.3-63.el7]\n- kvm-char-restore-read-callback-on-a-reattached-hotplug-c.patch [bz#1038914]\n- kvm-qcow2-Free-preallocated-zero-clusters.patch [bz#1052093]\n- 
kvm-qemu-iotests-Discard-preallocated-zero-clusters.patch [bz#1052093]\n- kvm-XBZRLE-Fix-qemu-crash-when-resize-the-xbzrle-cache.patch [bz#1066338]\n- kvm-Provide-init-function-for-ram-migration.patch [bz#1066338]\n- kvm-Init-the-XBZRLE.lock-in-ram_mig_init.patch [bz#1066338]\n- kvm-XBZRLE-Fix-one-XBZRLE-corruption-issues.patch [bz#1066338]\n- kvm-Count-used-RAMBlock-pages-for-migration_dirty_pages.patch [bz#1074913]\n- kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095678]\n- kvm-virtio-net-out-of-bounds-buffer-write-on-invalid-sta.patch [bz#1095690]\n- kvm-virtio-net-out-of-bounds-buffer-write-on-load.patch [bz#1095685]\n- kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095695]\n- kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095738]\n- kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095742]\n- kvm-virtio-validate-config_len-on-load.patch [bz#1095783]\n- kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095766]\n- kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095766]\n- kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095747]\n- kvm-usb-sanity-check-setup_index-setup_len-in-post_l2.patch [bz#1095747]\n- kvm-vmstate-reduce-code-duplication.patch [bz#1095716]\n- kvm-vmstate-add-VMS_MUST_EXIST.patch [bz#1095716]\n- kvm-vmstate-add-VMSTATE_VALIDATE.patch [bz#1095716]\n- kvm-hpet-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095707]\n- kvm-hw-pci-pcie_aer.c-fix-buffer-overruns-on-invalid-sta.patch [bz#1095716]\n- kvm-usb-fix-up-post-load-checks.patch [bz#1096829]\n- kvm-qcow-correctly-propagate-errors.patch [bz#1097230]\n- kvm-qcow1-Make-padding-in-the-header-explicit.patch [bz#1097230]\n- kvm-qcow1-Check-maximum-cluster-size.patch [bz#1097230]\n- kvm-qcow1-Validate-L2-table-size-CVE-2014-0222.patch [bz#1097230]\n- kvm-qcow1-Validate-image-size-CVE-2014-0223.patch [bz#1097237]\n- kvm-qcow1-Stricter-backing-file-length-check.patch [bz#1097237]\n- 
Resolves: bz#1038914\n (Guest can't receive any character transmitted from host after hot unplugging virtserialport then hot plugging again)\n- Resolves: bz#1052093\n (qcow2 corruptions (leaked clusters after installing a rhel7 guest using virtio_scsi))\n- Resolves: bz#1066338\n (Reduce the migrate cache size during migration causes qemu segment fault)\n- Resolves: bz#1074913\n (migration can not finish with 1024k 'remaining ram' left after hotunplug 4 nics)\n- Resolves: bz#1095678\n (CVE-2013-4148 qemu-kvm: qemu: virtio-net: buffer overflow on invalid state load [rhel-7.1])\n- Resolves: bz#1095685\n (CVE-2013-4149 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on load [rhel-7.1])\n- Resolves: bz#1095690\n (CVE-2013-4150 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on invalid state load [rhel-7.1])\n- Resolves: bz#1095695\n (CVE-2013-4151 qemu-kvm: qemu: virtio: out-of-bounds buffer write on invalid state load [rhel-7.1])\n- Resolves: bz#1095707\n (CVE-2013-4527 qemu-kvm: qemu: hpet: buffer overrun on invalid state load [rhel-7.1])\n- Resolves: bz#1095716\n (CVE-2013-4529 qemu-kvm: qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load [rhel-7.1])\n- Resolves: bz#1095738\n (CVE-2013-6399 qemu-kvm: qemu: virtio: buffer overrun on incoming migration [rhel-7.1])\n- Resolves: bz#1095742\n (CVE-2013-4542 qemu-kvm: qemu: virtio-scsi: buffer overrun on invalid state load [rhel-7.1])\n- Resolves: bz#1095747\n (CVE-2013-4541 qemu-kvm: qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load [rhel-7.1])\n- Resolves: bz#1095766\n (CVE-2013-4535 CVE-2013-4536 qemu-kvm: qemu: virtio: insufficient validation of num_sg when mapping [rhel-7.1])\n- Resolves: bz#1095783\n (CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.1])\n- Resolves: bz#1096829\n (CVE-2014-3461 qemu-kvm: Qemu: usb: fix up post load checks [rhel-7.1])\n- Resolves: bz#1097230\n (CVE-2014-0222 qemu-kvm: Qemu: 
qcow1: validate L2 table size to avoid integer overflows [rhel-7.1])\n- Resolves: bz#1097237\n (CVE-2014-0223 qemu-kvm: Qemu: qcow1: validate image size to avoid out-of-bounds memory access [rhel-7.1])\n[1.5.3-62.el7]\n- kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094285]\n- Resolves: bz#1094285\n (Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.)\n[1.5.3-61.el7]\n- kvm-iscsi-fix-indentation.patch [bz#1083413]\n- kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1083413]\n- kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1083413]\n- kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1083413]\n- kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1083413]\n- kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1083413]\n- kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1083413]\n- kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1083413]\n- kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1083413]\n- kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [bz#1027565]\n- kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1085701]\n- kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1087980]\n- Resolves: bz#1027565\n (fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host)\n- Resolves: bz#1083413\n (qemu-kvm: iSCSI: Failure. 
SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400))\n- Resolves: bz#1085701\n (Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device)\n- Resolves: bz#1087980\n (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.1])", "edition": 72, "modified": "2015-03-11T00:00:00", "published": "2015-03-11T00:00:00", "id": "ELSA-2015-0349", "href": "http://linux.oracle.com/errata/ELSA-2015-0349.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0222", "CVE-2014-0223"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM in environments\nmanaged by Red Hat Enterprise Linux OpenStack Platform.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. A user able to supply a malicious image file to QEMU\nor to helper tools used in image conversion by services such as Glance and\nNova could potentially use these flaws to cause memory corruption,\nresulting in a crash or possibly arbitrary code execution. (CVE-2014-0222,\nCVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. After\ninstalling this update, shut down all running virtual machines. 
Once all\nvirtual machines have shut down, start them again for this update to take\neffect.\n", "modified": "2018-06-07T02:48:00", "published": "2014-09-15T04:00:00", "id": "RHSA-2014:1187", "href": "https://access.redhat.com/errata/RHSA-2014:1187", "type": "redhat", "title": "(RHSA-2014:1187) Moderate: qemu-kvm-rhev security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0222", "CVE-2014-0223"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM in environments\nmanaged by Red Hat Enterprise Virtualization Manager.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bug:\n\n* In certain scenarios, when performing live incremental migration, the\ndisk size could be expanded considerably due to the transfer of unallocated\nsectors past the end of the base image. With this update, the\nbdrv_is_allocated() function has been fixed to no longer return \"True\" for\nunallocated sectors, and the disk size no longer changes after performing\nlive incremental migration. (BZ#1110681)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. After\ninstalling this update, shut down all running virtual machines. 
Once all\nvirtual machines have shut down, start them again for this update to take\neffect.\n", "modified": "2018-06-07T08:59:31", "published": "2014-08-19T04:00:00", "id": "RHSA-2014:1076", "href": "https://access.redhat.com/errata/RHSA-2014:1076", "type": "redhat", "title": "(RHSA-2014:1076) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6647", "CVE-2013-7339", "CVE-2014-0205", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3535", "CVE-2014-3917", "CVE-2014-4667"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA NULL pointer dereference flaw was found in the way the Linux kernel's\nnetworking implementation handled logging while processing certain invalid\npackets coming in via a VxLAN interface. A remote attacker could use this\nflaw to crash the system by sending a specially crafted packet to such an\ninterface. (CVE-2014-3535)\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. 
A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting CVE-2014-0222 and \nCVE-2014-0223.\n\nThis update also fixes the following bug:\n\n* Previously, an updated version of Qlogic firmware was not supported in\nthe Red Hat Enterprise Virtualization Hypervisor 6.5 image and an error\nmessage returned when users were using a newer version of Qlogic firmware.\nThis update includes the latest Qlogic firmware package in the Red Hat\nEnterprise Virtualization Hypervisor 6.5 image so no firmware errors are\nreturned. (BZ#1135780)\n\nThis updated package also provides updated components that include fixes\nfor various security issues. These issues have no security impact on Red\nHat Enterprise Virtualization Hypervisor itself, however. 
The security\nfixes included in this update address the following CVE numbers:\n\nCVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706,\nCVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-0205, CVE-2014-3917,\nand CVE-2014-4667 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.\n", "modified": "2018-06-07T08:59:31", "published": "2014-09-09T04:00:00", "id": "RHSA-2014:1168", "href": "https://access.redhat.com/errata/RHSA-2014:1168", "type": "redhat", "title": "(RHSA-2014:1168) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4148", "CVE-2013-4149", "CVE-2013-4150", "CVE-2013-4151", "CVE-2013-4527", "CVE-2013-4529", "CVE-2013-4535", "CVE-2013-4536", "CVE-2013-4541", "CVE-2013-4542", "CVE-2013-6399", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3461"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nMultiple buffer overflow, input validation, and out-of-bounds write flaws\nwere found in the way virtio, virtio-net, virtio-scsi, usb, and hpet\ndrivers of QEMU handled state loading after migration. 
A user able to alter\nthe savevm data (either on the disk or over the wire during migration)\ncould use either of these flaws to corrupt QEMU process memory on the\n(destination) host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527,\nCVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,\nCVE-2013-6399, CVE-2014-0182, CVE-2014-3461)\n\nThese issues were discovered by Michael S. Tsirkin, Anthony Liguori and\nMichael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,\nCVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536,\nCVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and\nCVE-2014-3461.\n\nThis update also fixes the following bugs:\n\n* Previously, QEMU did not free pre-allocated zero clusters correctly and\nthe clusters under some circumstances leaked. With this update,\npre-allocated zero clusters are freed appropriately and the cluster leaks\nno longer occur. (BZ#1110188)\n\n* Prior to this update, the QEMU command interface did not properly handle\nresizing of cache memory during guest migration, causing QEMU to terminate\nunexpectedly with a segmentation fault and QEMU to fail. This update fixes\nthe related code and QEMU no longer crashes in the described situation.\n(BZ#1110191)\n\n* Previously, when a guest device was hot unplugged, QEMU correctly removed\nthe corresponding file descriptor watch but did not re-create it after the\ndevice was re-connected. As a consequence, the guest became unable to\nreceive any data from the host over this device. With this update, the file\ndescriptor's watch is re-created and the guest in the above scenario can\ncommunicate with the host as expected. 
(BZ#1110219)\n\n* Previously, the QEMU migration code did not account for the gaps caused\nby hot unplugged devices and thus expected more memory to be transferred\nduring migrations. As a consequence, guest migration failed to complete\nafter multiple devices were hot unplugged. In addition, the migration info\ntext displayed erroneous values for the \"remaining ram\" item. With this\nupdate, QEMU calculates memory after a device has been unplugged correctly,\nand any subsequent guest migrations proceed as expected. (BZ#1110189)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-04-12T03:32:50", "published": "2014-07-23T04:00:00", "id": "RHSA-2014:0927", "href": "https://access.redhat.com/errata/RHSA-2014:0927", "type": "redhat", "title": "(RHSA-2014:0927) Moderate: qemu-kvm security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4148", "CVE-2013-4149", "CVE-2013-4150", "CVE-2013-4151", "CVE-2013-4527", "CVE-2013-4529", "CVE-2013-4535", "CVE-2013-4536", "CVE-2013-4541", "CVE-2013-4542", "CVE-2013-6399", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3461"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. 
A user able to supply a malicious image file to QEMU\nor to helper tools used in image conversion by services such as glance and\nnova could potentially use these flaws to cause memory corruption,\nresulting in a crash or possibly arbitrary code execution. (CVE-2014-0222,\nCVE-2014-0223)\n\nMultiple buffer overflow, input validation, and out-of-bounds write flaws\nwere found in the way virtio, virtio-net, virtio-scsi, usb, and hpet\ndrivers of QEMU handled state loading after migration. A user able to alter\nthe savevm data (either on the disk or over the wire during migration)\ncould use either of these flaws to corrupt QEMU process memory on the\n(destination) host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527,\nCVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,\nCVE-2013-6399, CVE-2014-0182, CVE-2014-3461)\n\nRed Hat would like to thank NSA for reporting CVE-2014-0222 and\nCVE-2014-0223. The following issues were discovered by Michael S. Tsirkin,\nAnthony Liguori, and Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149,\nCVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535,\nCVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,\nand CVE-2014-3461.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthis update, shut down all running virtual machines. 
Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "modified": "2018-03-19T16:26:45", "published": "2014-09-22T04:00:00", "id": "RHSA-2014:1268", "href": "https://access.redhat.com/errata/RHSA-2014:1268", "type": "redhat", "title": "(RHSA-2014:1268) Moderate: qemu-kvm-rhev security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:28", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1075\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs:\n\n* In certain scenarios, when performing live incremental migration, the\ndisk size could be expanded considerably due to the transfer of unallocated\nsectors past the end of the base image. With this update, the\nbdrv_is_allocated() function has been fixed to no longer return \"True\" for\nunallocated sectors, and the disk size no longer changes after performing\nlive incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU to\nprocess I/O requests outside of the vCPU thread, reducing the latency of\nsubmitting requests and improving single task throughput. 
(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a KVM\nguest did not reach the target device due to QEMU considering such commands\nas invalid. This update fixes this bug by properly propagating\nvendor-specific SCSI commands to the target device. (BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/032539.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1075.html", "edition": 3, "modified": "2014-08-19T10:00:56", "published": "2014-08-19T10:00:56", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/032539.html", "id": "CESA-2014:1075", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:42", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4536", "CVE-2013-4542", "CVE-2014-0223", "CVE-2013-4527", "CVE-2013-4535", "CVE-2014-0222", "CVE-2013-6399", "CVE-2013-4541", "CVE-2014-0182", "CVE-2013-4149", "CVE-2013-4148", "CVE-2014-3461", "CVE-2013-4151", "CVE-2013-4529", "CVE-2013-4150"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0927\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. 
A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nMultiple buffer overflow, input validation, and out-of-bounds write flaws\nwere found in the way virtio, virtio-net, virtio-scsi, usb, and hpet\ndrivers of QEMU handled state loading after migration. A user able to alter\nthe savevm data (either on the disk or over the wire during migration)\ncould use either of these flaws to corrupt QEMU process memory on the\n(destination) host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527,\nCVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,\nCVE-2013-6399, CVE-2014-0182, CVE-2014-3461)\n\nThese issues were discovered by Michael S. Tsirkin, Anthony Liguori and\nMichael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,\nCVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536,\nCVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and\nCVE-2014-3461.\n\nThis update also fixes the following bugs:\n\n* Previously, QEMU did not free pre-allocated zero clusters correctly and\nthe clusters under some circumstances leaked. With this update,\npre-allocated zero clusters are freed appropriately and the cluster leaks\nno longer occur. (BZ#1110188)\n\n* Prior to this update, the QEMU command interface did not properly handle\nresizing of cache memory during guest migration, causing QEMU to terminate\nunexpectedly with a segmentation fault and QEMU to fail. 
This update fixes\nthe related code and QEMU no longer crashes in the described situation.\n(BZ#1110191)\n\n* Previously, when a guest device was hot unplugged, QEMU correctly removed\nthe corresponding file descriptor watch but did not re-create it after the\ndevice was re-connected. As a consequence, the guest became unable to\nreceive any data from the host over this device. With this update, the file\ndescriptor's watch is re-created and the guest in the above scenario can\ncommunicate with the host as expected. (BZ#1110219)\n\n* Previously, the QEMU migration code did not account for the gaps caused\nby hot unplugged devices and thus expected more memory to be transferred\nduring migrations. As a consequence, guest migration failed to complete\nafter multiple devices were hot unplugged. In addition, the migration info\ntext displayed erroneous values for the \"remaining ram\" item. With this\nupdate, QEMU calculates memory after a device has been unplugged correctly,\nand any subsequent guest migrations proceed as expected. (BZ#1110189)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032485.html\n\n**Affected packages:**\nlibcacard\nlibcacard-devel\nlibcacard-tools\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 3, "modified": "2014-07-25T13:23:24", "published": "2014-07-25T13:23:24", "href": "http://lists.centos.org/pipermail/centos-announce/2014-July/032485.html", "id": "CESA-2014:0927", "title": "libcacard, qemu security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:14:53", "description": "Updated qemu-kvm packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. 
(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU\nto process I/O requests outside of the vCPU thread, reducing the\nlatency of submitting requests and improving single task throughput.\n(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a\nKVM guest did not reach the target device due to QEMU considering such\ncommands as invalid. This update fixes this bug by properly\npropagating vendor-specific SCSI commands to the target device.\n(BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 25, "published": "2014-08-20T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2014:1075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "modified": "2014-08-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1075.NASL", "href": "https://www.tenable.com/plugins/nessus/77271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1075. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77271);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_bugtraq_id(67357, 67391);\n script_xref(name:\"RHSA\", value:\"2014:1075\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2014:1075)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU\nto process I/O requests outside of the vCPU thread, reducing the\nlatency of submitting requests and improving single task throughput.\n(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a\nKVM guest did not reach the target device due to QEMU considering such\ncommands as invalid. This update fixes this bug by properly\npropagating vendor-specific SCSI commands to the target device.\n(BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0222\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1075\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-guest-agent-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n 
if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:48:25", "description": "Two integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nThis update also fixes the following bugs :\n\n - In certain scenarios, when performing live incremental\n migration, the disk size could be expanded considerably\n due to the transfer of unallocated sectors past the end\n of the base image. 
With this update, the\n bdrv_is_allocated() function has been fixed to no longer\n return 'True' for unallocated sectors, and the disk size\n no longer changes after performing live incremental\n migration.\n\n - This update enables ioeventfd in virtio-scsi-pci. This\n allows QEMU to process I/O requests outside of the vCPU\n thread, reducing the latency of submitting requests and\n improving single task throughput.\n\n - Prior to this update, vendor-specific SCSI commands\n issued from a KVM guest did not reach the target device\n due to QEMU considering such commands as invalid. This\n update fixes this bug by properly propagating\n vendor-specific SCSI commands to the target device.\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.", "edition": 16, "published": "2014-08-20T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20140819)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "modified": "2014-08-20T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo"], "id": "SL_20140819_QEMU_KVM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/77272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77272);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n\n script_name(english:\"Scientific Linux 
Security Update : qemu-kvm on SL6.x i386/x86_64 (20140819)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nThis update also fixes the following bugs :\n\n - In certain scenarios, when performing live incremental\n migration, the disk size could be expanded considerably\n due to the transfer of unallocated sectors past the end\n of the base image. With this update, the\n bdrv_is_allocated() function has been fixed to no longer\n return 'True' for unallocated sectors, and the disk size\n no longer changes after performing live incremental\n migration.\n\n - This update enables ioeventfd in virtio-scsi-pci. This\n allows QEMU to process I/O requests outside of the vCPU\n thread, reducing the latency of submitting requests and\n improving single task throughput.\n\n - Prior to this update, vendor-specific SCSI commands\n issued from a KVM guest did not reach the target device\n due to QEMU considering such commands as invalid. 
This\n update fixes this bug by properly propagating\n vendor-specific SCSI commands to the target device.\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1408&L=scientific-linux-errata&T=0&P=1194\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29a3f5f1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"qemu-guest-agent-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:29:44", "description": "Updated qemu-kvm packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. 
This allows QEMU\nto process I/O requests outside of the vCPU thread, reducing the\nlatency of submitting requests and improving single task throughput.\n(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a\nKVM guest did not reach the target device due to QEMU considering such\ncommands as invalid. This update fixes this bug by properly\npropagating vendor-specific SCSI commands to the target device.\n(BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 25, "published": "2014-08-21T00:00:00", "title": "CentOS 6 : qemu-kvm (CESA-2014:1075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "modified": "2014-08-21T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-guest-agent", "p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm-tools"], "id": "CENTOS_RHSA-2014-1075.NASL", "href": "https://www.tenable.com/plugins/nessus/77286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1075 and \n# CentOS Errata and Security Advisory 2014:1075 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77286);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_bugtraq_id(67357, 67391);\n script_xref(name:\"RHSA\", value:\"2014:1075\");\n\n script_name(english:\"CentOS 6 : qemu-kvm (CESA-2014:1075)\");\n script_summary(english:\"Checks 
rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. 
This allows QEMU\nto process I/O requests outside of the vCPU thread, reducing the\nlatency of submitting requests and improving single task throughput.\n(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a\nKVM guest did not reach the target device due to QEMU considering such\ncommands as invalid. This update fixes this bug by properly\npropagating vendor-specific SCSI commands to the target device.\n(BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020501.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93074a90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0222\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2014/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"qemu-guest-agent-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-tools\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:49:10", "description": "From Red Hat Security Advisory 2014:1075 :\n\nUpdated qemu-kvm packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. 
The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU\nto process I/O requests outside of the vCPU thread, reducing the\nlatency of submitting requests and improving single task throughput.\n(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a\nKVM guest did not reach the target device due to QEMU considering such\ncommands as invalid. This update fixes this bug by properly\npropagating vendor-specific SCSI commands to the target device.\n(BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 22, "published": "2014-08-20T00:00:00", "title": "Oracle Linux 6 : qemu-kvm (ELSA-2014-1075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "modified": "2014-08-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-guest-agent", "p-cpe:/a:oracle:linux:qemu-kvm"], "id": "ORACLELINUX_ELSA-2014-1075.NASL", "href": "https://www.tenable.com/plugins/nessus/77270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1075 and \n# Oracle Linux Security Advisory ELSA-2014-1075 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77270);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_bugtraq_id(67357, 67391);\n script_xref(name:\"RHSA\", value:\"2014:1075\");\n\n script_name(english:\"Oracle Linux 6 : qemu-kvm (ELSA-2014-1075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1075 :\n\nUpdated qemu-kvm packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1109715)\n\n* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU\nto process I/O requests outside of the vCPU thread, reducing the\nlatency of submitting requests and improving single task throughput.\n(BZ#1123271)\n\n* Prior to this update, vendor-specific SCSI commands issued from a\nKVM guest did not reach the target device due to QEMU considering such\ncommands as invalid. This update fixes this bug by properly\npropagating vendor-specific SCSI commands to the target device.\n(BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-August/004371.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"qemu-guest-agent-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.415.el6_5.14\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-tools\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:14:54", "description": "Updated qemu-kvm-rhev packages that fix two security issues and one\nbug are now available for Red Hat Enterprise Virtualization.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM in environments managed by Red Hat Enterprise Virtualization\nManager.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bug :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. 
(BZ#1110681)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.", "edition": 25, "published": "2014-11-08T00:00:00", "title": "RHEL 6 : qemu-kvm-rhev (RHSA-2014:1076)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "modified": "2014-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev"], "id": "REDHAT-RHSA-2014-1076.NASL", "href": "https://www.tenable.com/plugins/nessus/79041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1076. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79041);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_bugtraq_id(67357, 67391);\n script_xref(name:\"RHSA\", value:\"2014:1076\");\n\n script_name(english:\"RHEL 6 : qemu-kvm-rhev (RHSA-2014:1076)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm-rhev packages that fix two security issues and one\nbug are now available for Red Hat Enterprise Virtualization.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM in environments managed by Red Hat Enterprise Virtualization\nManager.\n\nTwo integer overflow flaws were found in the QEMU block driver for\nQCOW version 1 disk images. A user able to alter the QEMU disk image\nfiles loaded by a guest could use either of these flaws to corrupt\nQEMU process memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. 
(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bug :\n\n* In certain scenarios, when performing live incremental migration,\nthe disk size could be expanded considerably due to the transfer of\nunallocated sectors past the end of the base image. With this update,\nthe bdrv_is_allocated() function has been fixed to no longer return\n'True' for unallocated sectors, and the disk size no longer changes\nafter performing live incremental migration. (BZ#1110681)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0222\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-rhev-0.12.1.2-2.415.el6_5.14\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-0.12.1.2-2.415.el6_5.14\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-0.12.1.2-2.415.el6_5.14\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.14\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-rhev / qemu-kvm-rhev-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:44:10", "description": "KVM was updated to fix the following security issues :\n\nCVE-2015-3456: Buffer 
overflow in the floppy drive emulation, which\ncould be used to carry out denial of service attacks or potential code\nexecution against the host. This vulnerability is also known as VENOM.\n\nCVE-2014-0222: Integer overflow in the qcow_open function in\nblock/qcow.c in QEMU allowed remote attackers to cause a denial of\nservice (crash) via a large L2 table in a QCOW version 1 image.\n\nCVE-2014-0223: Integer overflow in the qcow_open function in\nblock/qcow.c in QEMU allowed local users to cause a denial of service\n(crash) and possibly execute arbitrary code via a large image size,\nwhich triggers a buffer overflow or out-of-bounds read.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2015-05-27T00:00:00", "title": "SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0929-1) (Venom)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222", "CVE-2015-3456"], "modified": "2015-05-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-0929-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0929-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83854);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2015-3456\");\n script_bugtraq_id(67357, 67391, 74640);\n\n script_name(english:\"SUSE SLES11 Security Update : KVM 
(SUSE-SU-2015:0929-1) (Venom)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KVM was updated to fix the following security issues :\n\nCVE-2015-3456: Buffer overflow in the floppy drive emulation, which\ncould be used to carry out denial of service attacks or potential code\nexecution against the host. This vulnerability is also known as VENOM.\n\nCVE-2014-0222: Integer overflow in the qcow_open function in\nblock/qcow.c in QEMU allowed remote attackers to cause a denial of\nservice (crash) via a large L2 table in a QCOW version 1 image.\n\nCVE-2014-0223: Integer overflow in the qcow_open function in\nblock/qcow.c in QEMU allowed local users to cause a denial of service\n(crash) and possibly execute arbitrary code via a large image size,\nwhich triggers a buffer overflow or out-of-bounds read.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=877642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=877645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929339\"\n );\n # https://download.suse.com/patch/finder/?keywords=a793805e5c8b31d54aefde03808c673c\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69551578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0222/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0223/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3456/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150929-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2349765c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-kvm=10683\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kvm-0.12.5-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kvm-0.12.5-1.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KVM\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:54", "description": " - QCOW1 validation CVEs: CVE-2014-0222, CVE-2014-0223 (bz\n #1097232, bz #1097238, bz #1097222, bz #1097216)\n\n - CVE-2014-3461: Issues in USB post load checks (bz\n #1097260, bz #1096821)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-06-10T00:00:00", "title": "Fedora 20 : qemu-1.6.2-6.fc20 (2014-6970)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222", "CVE-2014-3461"], "modified": "2014-06-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qemu", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-6970.NASL", "href": "https://www.tenable.com/plugins/nessus/74414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-6970.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74414);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3461\");\n script_bugtraq_id(67357, 67391, 67392);\n script_xref(name:\"FEDORA\", value:\"2014-6970\");\n\n script_name(english:\"Fedora 20 : qemu-1.6.2-6.fc20 (2014-6970)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - QCOW1 validation CVEs: CVE-2014-0222, CVE-2014-0223 (bz\n #1097232, bz #1097238, bz #1097222, bz #1097216)\n\n - CVE-2014-3461: Issues in USB post load checks (bz\n #1097260, bz #1096821)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1097216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1097222\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96ec7b81\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"qemu-1.6.2-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:41:08", "description": "kvm has been updated to fix issues in the embedded qemu :\n\n - An integer overflow flaw was found in the QEMU block\n driver for QCOW version 1 disk images. A user able to\n alter the QEMU disk image files loaded by a guest could\n have used this flaw to corrupt QEMU process memory on\n the host, which could potentially have resulted in\n arbitrary code execution on the host with the privileges\n of the QEMU process. 
(CVE-2014-0223)\n\n - A user able to alter the savevm data (either on the disk\n or over the wire during migration) could have used this\n flaw to corrupt QEMU process memory on the\n (destination) host, which could have potentially\n resulted in arbitrary code execution on the host with\n the privileges of the QEMU process. (CVE-2014-3461)\n\n - An integer overflow flaw was found in the QEMU block\n driver for QCOW version 1 disk images. A user able to\n alter the QEMU disk image files loaded by a guest could\n have used this flaw to corrupt QEMU process memory on\n the host, which could have potentially resulted in\n arbitrary code execution on the host with the privileges\n of the QEMU process. (CVE-2014-0222)\n\nNon-security bugs fixed :\n\n - Fix exceeding IRQ routes that could have caused freezes\n of guests. (bnc#876842)\n\n - Fix CPUID emulation bugs that may have broken Windows\n guests with newer -cpu types (bnc#886535)", "edition": 17, "published": "2014-10-09T00:00:00", "title": "SuSE 11.3 Security Update : kvm (SAT Patch Number 9739)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222", "CVE-2014-3461"], "modified": "2014-10-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KVM-140919.NASL", "href": "https://www.tenable.com/plugins/nessus/78105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78105);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3461\");\n\n script_name(english:\"SuSE 11.3 Security Update : kvm (SAT Patch Number 9739)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"kvm has been updated to fix issues in the embedded qemu :\n\n - An integer overflow flaw was found in the QEMU block\n driver for QCOW version 1 disk images. A user able to\n alter the QEMU disk image files loaded by a guest could\n have used this flaw to corrupt QEMU process memory on\n the host, which could potentially have resulted in\n arbitrary code execution on the host with the privileges\n of the QEMU process. (CVE-2014-0223)\n\n - A user able to alter the savevm data (either on the disk\n or over the wire during migration) could have used this\n flaw to corrupt QEMU process memory on the\n (destination) host, which could have potentially\n resulted in arbitrary code execution on the host with\n the privileges of the QEMU process. (CVE-2014-3461)\n\n - An integer overflow flaw was found in the QEMU block\n driver for QCOW version 1 disk images. A user able to\n alter the QEMU disk image files loaded by a guest could\n have used this flaw to corrupt QEMU process memory on\n the host, which could have potentially resulted in\n arbitrary code execution on the host with the privileges\n of the QEMU process. (CVE-2014-0222)\n\nNon-security bugs fixed :\n\n - Fix exceeding IRQ routes that could have caused freezes\n of guests. 
(bnc#876842)\n\n - Fix CPUID emulation bugs that may have broken Windows\n guests with newer -cpu types (bnc#886535)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=886535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0222.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0223.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3461.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9739.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", 
\"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kvm-1.4.2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kvm-1.4.2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kvm-1.4.2-0.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:46", "description": "Several vulnerabilities were discovered in qemu, a fast processor\nemulator :\n\n - Various security issues have been found in the block\n qemu drivers. 
Malformed disk images might result in the\n execution of arbitrary code.\n - A NULL pointer dereference in SLIRP may result in denial\n of service\n\n - An information leak was discovered in the VGA emulation", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-10-06T00:00:00", "title": "Debian DSA-3045-1 : qemu - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2014-0144", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "modified": "2014-10-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3045.NASL", "href": "https://www.tenable.com/plugins/nessus/78046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3045. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78046);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0142\", \"CVE-2014-0143\", \"CVE-2014-0144\", \"CVE-2014-0145\", \"CVE-2014-0146\", \"CVE-2014-0147\", \"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3615\", \"CVE-2014-3640\");\n script_bugtraq_id(66464, 66472, 66481, 66483, 66484, 66486, 67357, 67391, 69654);\n script_xref(name:\"DSA\", value:\"3045\");\n\n script_name(english:\"Debian DSA-3045-1 : qemu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in qemu, a fast processor\nemulator :\n\n - Various security issues have been found in the block\n qemu drivers. 
Malformed disk images might result in the\n execution of arbitrary code.\n - A NULL pointer dereference in SLIRP may result in denial\n of service\n\n - An information leak was discovered in the VGA emulation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3045\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"qemu\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-keymaps\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-system\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user-static\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-utils\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:46", "description": "Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware :\n\n - Various security issues have been found in the block\n qemu drivers. 
Malformed disk images might result in the\n execution of arbitrary code.\n - A NULL pointer dereference in SLIRP may result in denial\n of service\n\n - An information leak was discovered in the VGA emulation", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-10-06T00:00:00", "title": "Debian DSA-3044-1 : qemu-kvm - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2014-0144", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "modified": "2014-10-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-kvm", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3044.NASL", "href": "https://www.tenable.com/plugins/nessus/78045", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3044. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78045);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0142\", \"CVE-2014-0143\", \"CVE-2014-0144\", \"CVE-2014-0145\", \"CVE-2014-0146\", \"CVE-2014-0147\", \"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3615\", \"CVE-2014-3640\");\n script_bugtraq_id(66464, 66472, 66481, 66483, 66484, 66486, 67357, 67391, 69654);\n script_xref(name:\"DSA\", value:\"3044\");\n\n script_name(english:\"Debian DSA-3044-1 : qemu-kvm - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware :\n\n - Various security issues have been found in the block\n qemu drivers. 
Malformed disk images might result in the\n execution of arbitrary code.\n - A NULL pointer dereference in SLIRP may result in denial\n of service\n\n - An information leak was discovered in the VGA emulation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3044\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu-kvm packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kvm\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm-dbg\", reference:\"1.1.2+dfsg-6+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "description": "Check the version of qemu-guest-agent", "modified": "2019-03-08T00:00:00", "published": "2014-08-21T00:00:00", "id": "OPENVAS:1361412562310881989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881989", "type": "openvas", "title": "CentOS Update for qemu-guest-agent CESA-2014:1075 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-guest-agent CESA-2014:1075 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881989\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-21 10:09:36 +0200 (Thu, 21 Aug 2014)\");\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2014:1075 centos6\");\n\n script_tag(name:\"summary\", value:\"Check the version of qemu-guest-agent\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a\nfull virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm\npackage provides the user-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. 
A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs:\n\n * In certain scenarios, when performing live incremental migration, the\ndisk size could be expanded considerably due to the transfer of unallocated\nsectors past the end of the base image. With this update, the\nbdrv_is_allocated() function has been fixed to no longer return 'True' for\nunallocated sectors, and the disk size no longer changes after performing\nlive incremental migration. (BZ#1109715)\n\n * This update enables ioeventfd in virtio-scsi-pci. This allows QEMU to\nprocess I/O requests outside of the vCPU thread, reducing the latency of\nsubmitting requests and improving single task throughput. (BZ#1123271)\n\n * Prior to this update, vendor-specific SCSI commands issued from a KVM\nguest did not reach the target device due to QEMU considering such commands\nas invalid. This update fixes this bug by properly propagating\nvendor-specific SCSI commands to the target device. (BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\");\n\n script_tag(name:\"affected\", value:\"qemu-guest-agent on CentOS 6\");\n\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1075\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020501.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\ninclude(\"revisions-lib.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.415.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.415.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.415.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.415.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "description": "The remote host is missing an update for the ", 
"modified": "2018-11-23T00:00:00", "published": "2014-08-20T00:00:00", "id": "OPENVAS:1361412562310871229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871229", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2014:1075-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2014:1075-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871229\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-20 05:55:23 +0200 (Wed, 20 Aug 2014)\");\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2014:1075-01\");\n\n\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 
6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nTwo integer overflow flaws were found in the QEMU block driver for QCOW\nversion 1 disk images. A user able to alter the QEMU disk image files\nloaded by a guest could use either of these flaws to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2014-0222, CVE-2014-0223)\n\nRed Hat would like to thank NSA for reporting these issues.\n\nThis update also fixes the following bugs:\n\n * In certain scenarios, when performing live incremental migration, the\ndisk size could be expanded considerably due to the transfer of unallocated\nsectors past the end of the base image. With this update, the\nbdrv_is_allocated() function has been fixed to no longer return 'True' for\nunallocated sectors, and the disk size no longer changes after performing\nlive incremental migration. (BZ#1109715)\n\n * This update enables ioeventfd in virtio-scsi-pci. This allows QEMU to\nprocess I/O requests outside of the vCPU thread, reducing the latency of\nsubmitting requests and improving single task throughput. (BZ#1123271)\n\n * Prior to this update, vendor-specific SCSI commands issued from a KVM\nguest did not reach the target device due to QEMU considering such commands\nas invalid. This update fixes this bug by properly propagating\nvendor-specific SCSI commands to the target device. (BZ#1125131)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1075-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00042.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.415.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.415.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.415.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.415.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.415.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222"], "description": "Oracle Linux Local Security Checks ELSA-2014-1075", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123329", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1075", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1075.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123329\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1075\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1075\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1075.html\");\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.415.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.415.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.415.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.415.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2014-0222", "CVE-2015-3456"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850901", "type": "openvas", "title": "SUSE: Security Advisory for KVM (SUSE-SU-2015:0929-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850901\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:50:39 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for KVM (SUSE-SU-2015:0929-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'KVM'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"KVM was updated to fix the following security issues:\n\n * CVE-2015-3456: Buffer overflow in the floppy drive emulation, which\n could be used to carry out denial of service attacks or potential\n code execution against the host. 
This vulnerability is also known as\n VENOM.\n\n * CVE-2014-0222: Integer overflow in the qcow_open function in\n block/qcow.c in QEMU allowed remote attackers to cause a denial of\n service (crash) via a large L2 table in a QCOW version 1 image.\n\n * CVE-2014-0223: Integer overflow in the qcow_open function in\n block/qcow.c in QEMU allowed local users to cause a denial of\n service (crash) and possibly execute arbitrary code via a large\n image size, which triggers a buffer overflow or out-of-bounds read.\n\n Special Instructions and Notes:\n\n Please reboot the system after installing this update.\");\n\n script_tag(name:\"affected\", value:\"KVM on SUSE Linux Enterprise Server 11 SP1 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0929-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~0.12.5~1.26.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2013-4544", "CVE-2014-2894", "CVE-2014-0222", "CVE-2014-0182", "CVE-2014-0150", "CVE-2014-3461", "CVE-2014-0142"], "description": "The remote host is missing an 
update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310867891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867891", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2014-6970", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2014-6970\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867891\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:01:04 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3461\", \"CVE-2014-0182\",\n \"CVE-2014-0142\", \"CVE-2014-0150\", \"CVE-2013-4544\", \"CVE-2014-2894\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for qemu FEDORA-2014-6970\");\n 
script_tag(name:\"affected\", value:\"qemu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6970\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~1.6.2~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3970", "CVE-2014-0223", "CVE-2013-4544", "CVE-2014-2894", "CVE-2014-0222", "CVE-2014-0182", "CVE-2014-0150", "CVE-2014-3461", "CVE-2014-0142"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310867991", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867991", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2014-8183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
Fedora Update for qemu FEDORA-2014-8183\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867991\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:11:27 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3461\", \"CVE-2014-0182\",\n \"CVE-2014-0142\", \"CVE-2014-0150\", \"CVE-2013-4544\", \"CVE-2014-2894\",\n \"CVE-2014-3970\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for qemu FEDORA-2014-8183\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-8183\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136009.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~1.6.2~7.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2013-4544", "CVE-2014-2894", "CVE-2014-0222", "CVE-2014-0182", "CVE-2014-0150", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-0142"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-09-11T00:00:00", "id": "OPENVAS:1361412562310868177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868177", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2014-10445", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2014-10445\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868177\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-11 05:56:35 +0200 (Thu, 11 Sep 2014)\");\n script_cve_id(\"CVE-2014-3615\", \"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3461\", \"CVE-2014-0182\", \"CVE-2014-0142\", \"CVE-2014-0150\", \"CVE-2013-4544\", \"CVE-2014-2894\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for qemu FEDORA-2014-10445\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-10445\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137578.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~1.6.2~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0223", "CVE-2013-4544", "CVE-2014-2894", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0182", "CVE-2014-0150", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-0142"], "description": "Check the version of qemu", "modified": "2019-03-15T00:00:00", "published": "2014-10-09T00:00:00", "id": "OPENVAS:1361412562310868371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868371", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2014-11641", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2014-11641\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868371\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-09 06:00:59 +0200 (Thu, 09 Oct 2014)\");\n script_cve_id(\"CVE-2014-3640\", \"CVE-2014-3615\", \"CVE-2014-0222\", \"CVE-2014-0223\",\n \"CVE-2014-3461\", \"CVE-2014-0182\", \"CVE-2014-0142\", \"CVE-2014-0150\",\n \"CVE-2013-4544\", \"CVE-2014-2894\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for qemu FEDORA-2014-11641\");\n script_tag(name:\"summary\", value:\"Check the version of qemu\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11641\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140130.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
 exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~1.6.2~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:48:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2014-0144", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "description": "Several vulnerabilities were discovered in qemu, a fast processor\nemulator:\n\nVarious security issues have been found in the block qemu drivers.\nMalformed disk images might result in the execution of arbitrary code. A NULL pointer dereference in SLIRP may result in denial of service. An information leak was discovered in the VGA emulation", "modified": "2017-07-12T00:00:00", "published": "2014-10-04T00:00:00", "id": "OPENVAS:703045", "href": "http://plugins.openvas.org/nasl.php?oid=703045", "type": "openvas", "title": "Debian Security Advisory DSA 3045-1 (qemu - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3045.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3045-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703045);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-0142\", \"CVE-2014-0143\", \"CVE-2014-0144\", \"CVE-2014-0145\", \"CVE-2014-0146\", \"CVE-2014-0147\", \"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3615\", \"CVE-2014-3640\");\n script_name(\"Debian Security Advisory DSA 3045-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-04 00:00:00 +0200 (Sat, 04 Oct 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3045.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. 
QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6a+deb7u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in qemu, a fast processor\nemulator:\n\nVarious security issues have been found in the block qemu drivers.\nMalformed disk images might result in the execution of arbitrary code.A NULL pointer dereference in SLIRP may result in denial of serviceAn information leak was discovered in the VGA emulation\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
 security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:48:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2014-0144", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "description": "Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware:\n\nVarious security issues have been found in the block qemu drivers.\nMalformed disk images might result in the execution of arbitrary code. A NULL pointer dereference in SLIRP may result in denial of service. An information leak was discovered in the VGA emulation", "modified": "2017-07-12T00:00:00", "published": "2014-10-04T00:00:00", "id": "OPENVAS:703044", "href": "http://plugins.openvas.org/nasl.php?oid=703044", "type": "openvas", "title": "Debian Security Advisory DSA 3044-1 (qemu-kvm - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3044.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3044-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703044);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-0142\", \"CVE-2014-0143\", \"CVE-2014-0144\", \"CVE-2014-0145\", \"CVE-2014-0146\", \"CVE-2014-0147\", \"CVE-2014-0222\", \"CVE-2014-0223\", \"CVE-2014-3615\", \"CVE-2014-3640\");\n script_name(\"Debian Security Advisory DSA 3044-1 (qemu-kvm - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-04 00:00:00 +0200 (Sat, 04 Oct 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3044.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu-kvm on Debian Linux\");\n script_tag(name: \"insight\", value: \"Using KVM, one can run multiple virtual PCs, each running unmodified Linux or\nWindows images. 
Each virtual machine has private virtualized hardware: a\nnetwork card, disk, graphics adapter, etc.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6+deb7u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware:\n\nVarious security issues have been found in the block qemu drivers.\nMalformed disk images might result in the execution of arbitrary code.A NULL pointer dereference in SLIRP may result in denial of serviceAn information leak was discovered in the VGA emulation\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:14:44", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0223", "CVE-2014-0222", "CVE-2015-3456"], "description": "KVM was updated to fix the following security issues:\n\n * CVE-2015-3456: Buffer overflow in the floppy drive emulation, which\n could be used to carry out denial of service attacks or potential\n code execution against the host. 
This vulnerability is also known as\n VENOM.\n * CVE-2014-0222: Integer overflow in the qcow_open function in\n block/qcow.c in QEMU allowed remote attackers to cause a denial of\n service (crash) via a large L2 table in a QCOW version 1 image.\n * CVE-2014-0223: Integer overflow in the qcow_open function in\n block/qcow.c in QEMU allowed local users to cause a denial of\n service (crash) and possibly execute arbitrary code via a large\n image size, which triggers a buffer overflow or out-of-bounds read.\n\n Security Issues:\n\n * CVE-2015-3456\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>\n * CVE-2014-0222\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>\n * CVE-2014-0223\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223>\n\n", "edition": 1, "modified": "2015-05-22T00:08:52", "published": "2015-05-22T00:08:52", "id": "SUSE-SU-2015:0929-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html", "title": "Security update for KVM (important)", "type": "suse", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "description": "xen was updated to fix eight security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program 
(bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n", "edition": 1, "modified": "2015-11-10T18:10:12", "published": "2015-11-10T18:10:12", "id": "SUSE-SU-2015:1952-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00016.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "description": "xen was updated to fix nine security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of 
large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on\n disks when using the qemu-xen device model, which allowed local guest\n users to write to a read-only disk image (bsc#947165).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed\n - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has\n been observed\n - bsc#941074: Device 51728 could not be connected. 
Hotplug scripts not\n working\n\n", "edition": 1, "modified": "2015-10-30T17:13:49", "published": "2015-10-30T17:13:49", "id": "SUSE-SU-2015:1853-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "description": "xen was updated to version 4.4.3 to fix nine security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on\n disks when using the qemu-xen device model, which allowed local guest\n users to write to a read-only disk image (bsc#947165).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting 
(bsc#950706).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed\n - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has\n been observed\n - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting\n in irq problems on servers with a large amount of CPU cores\n - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show\n errors\n - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort\n - bsc#949549: xm create hangs when maxmen value is enclosed in quotes\n\n", "edition": 1, "modified": "2015-11-03T11:12:06", "published": "2015-11-03T11:12:06", "id": "SUSE-SU-2015:1894-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:03:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2270", "CVE-2014-0222", "CVE-2016-2391", "CVE-2014-7815", "CVE-2016-2841", "CVE-2015-8743", "CVE-2016-2271", "CVE-2015-5278"], "description": "Xen was updated to fix the following security issues:\n\n * CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive\n (bsc#969351)\n * CVE-2016-2391: usb: multiple eof_timers in ohci module leads to null\n pointer dereference (bsc#967101)\n * CVE-2016-2270: x86: inconsistent cachability flags on guest mappings\n (XSA-154) (bsc#965315)\n * CVE-2016-2271: VMX: guest user mode may crash guest with\n non-canonical RIP (XSA-170) (bsc#965317)\n * CVE-2015-5278: Infinite loop in ne2000_receive() function\n (bsc#964947)\n * CVE-2014-0222: qcow1: validate L2 table size to avoid integer\n overflows (bsc#964925)\n * CVE-2014-7815: vnc: insufficient 
bits_per_pixel from the client\n sanitization (bsc#962627)\n * CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions\n (bsc#960726)\n\n Security Issues:\n\n * CVE-2016-2841\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2841>\n * CVE-2016-2391\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2391>\n * CVE-2016-2270\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270>\n * CVE-2016-2271\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271>\n * CVE-2015-5278\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5278>\n * CVE-2014-0222\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>\n * CVE-2014-7815\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815>\n * CVE-2015-8743\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743>\n\n", "edition": 1, "modified": "2016-05-30T19:08:35", "published": "2016-05-30T19:08:35", "id": "SUSE-SU-2016:1445-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00065.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:09", "bulletinFamily": "unix", 
"cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "description": "xen was updated to version 4.4.3 to fix nine security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on\n disks when using the qemu-xen device model, which allowed local guest\n users to write to a read-only disk image (bsc#947165).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed\n - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has\n been observed\n - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting\n in 
irq problems on servers with a large amount of CPU cores\n - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show\n errors\n - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort\n\n", "edition": 1, "modified": "2015-11-04T17:13:16", "published": "2015-11-04T17:13:16", "id": "SUSE-SU-2015:1908-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:39:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-5166", "CVE-2015-7971", "CVE-2015-7972", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239", "CVE-2015-5154", "CVE-2015-5165"], "description": "xen was updated to fix 13 security issues.\n\n These security issues were fixed:\n - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash\n guests (bsc#951845).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS)\n (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array\n (DoS) (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267).\n - CVE-2014-0222: Validate L2 table size to avoid integer overflows\n (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl fails to honour readonly flag on disks with\n qemu-xen (bsc#947165).\n - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device\n model (bsc#939712).\n - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol\n (bsc#939709).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: e1000: infinite loop 
issue (bsc#944697).\n - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n\n This non-security issues was fixed:\n - bsc#941074: VmError: Device 51728 (vbd) could not be connected. Hotplug\n scripts not working.\n\n", "edition": 1, "modified": "2015-11-12T12:10:04", "published": "2015-11-12T12:10:04", "id": "OPENSUSE-SU-2015:1964-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00018.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-5166", "CVE-2015-7971", "CVE-2015-7972", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-3259", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239", "CVE-2015-5154", "CVE-2015-5165"], "description": "xen was updated to fix 12 security issues.\n\n These security issues were fixed:\n - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash\n guests (bsc#951845).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS)\n (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array\n (DoS) (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267).\n - CVE-2014-0222: Validate L2 table size to avoid integer overflows\n (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl fails to honour readonly flag on disks with\n qemu-xen (bsc#947165).\n - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device\n model (bsc#939712).\n - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol\n (bsc#939709).\n - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n - CVE-2015-3259: 
xl command line config handling stack overflow\n (bsc#935634).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error and sles12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error and sles11-SP4 sudden reboot has been\n observed\n - bsc#923967: Partner-L3: Bus fatal error and sles11-SP3 sudden reboot has\n been observed\n - bsc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting\n in irq problems on servers with a large amount of CPU cores\n - bsc#945167: Running command xl pci-assignable-add 03:10.1 secondly show\n errors\n - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort\n - bsc#944463: VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in\n vnc_client_read() and protocol_client_msg()\n - bsc#944697: VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue\n - bsc#925466: Kdump does not work in a XEN environment\n\n", "edition": 1, "modified": "2015-11-17T11:10:33", "published": "2015-11-17T11:10:33", "id": "OPENSUSE-SU-2015:2003-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00023.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8340", "CVE-2015-7971", "CVE-2015-8339", "CVE-2014-0222", "CVE-2015-4037", "CVE-2015-7504", "CVE-2015-5307", "CVE-2015-7512", "CVE-2015-8550", "CVE-2015-8555", "CVE-2015-8504", "CVE-2015-5239", "CVE-2015-8104"], "description": "Xen was updated to fix the following vulnerabilities:\n\n * CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)\n * CVE-2015-4037: Insecure temporary file use in /net/slirp.c\n (bsc#932267)\n * CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463)\n * CVE-2015-7504: Heap 
buffer overflow vulnerability in pcnet emulator\n (XSA-162, bsc#956411)\n * CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (XSA-152, bsc#950706)\n * CVE-2015-8104: Guest to host DoS by triggering an infinite loop in\n microcode via #DB exception (bsc#954405)\n * CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156,\n bsc#953527)\n * CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159,\n bsc#956408)\n * CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159,\n bsc#956408)\n * CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode\n (bsc#962360)\n * CVE-2015-8550: Paravirtualized drivers incautious about shared\n memory contents (XSA-155, bsc#957988)\n * CVE-2015-8504: Avoid floating point exception in vnc support\n (bsc#958493)\n * CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization\n (XSA-165, bsc#958009)\n * Ioreq handling possibly susceptible to multiple read issue (XSA-166,\n bsc#958523)\n\n Security Issues:\n\n * CVE-2014-0222\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>\n * CVE-2015-4037\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037>\n * CVE-2015-5239\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239>\n * CVE-2015-7504\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504>\n * CVE-2015-7971\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971>\n * CVE-2015-8104\n 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104>\n * CVE-2015-5307\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307>\n * CVE-2015-8339\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339>\n * CVE-2015-8340\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340>\n * CVE-2015-7512\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512>\n * CVE-2015-8550\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550>\n * CVE-2015-8504\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504>\n * CVE-2015-8555\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555>\n\n", "edition": 1, "modified": "2016-03-04T22:13:56", "published": "2016-03-04T22:13:56", "id": "SUSE-SU-2016:0658-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00013.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2392", "CVE-2014-3689", "CVE-2014-9718", "CVE-2016-1570", "CVE-2015-8619", "CVE-2015-6855", "CVE-2015-8613", "CVE-2013-4533", "CVE-2015-1779", "CVE-2014-0222", "CVE-2016-2391", 
"CVE-2015-7512", "CVE-2015-8345", "CVE-2016-2198", "CVE-2014-7815", "CVE-2013-4537", "CVE-2015-8744", "CVE-2015-8743", "CVE-2016-1568", "CVE-2013-4539", "CVE-2015-8745", "CVE-2016-1714", "CVE-2016-1981", "CVE-2016-2538", "CVE-2013-4538", "CVE-2015-5278"], "description": "xen was updated to fix 26 security issues.\n\n These security issues were fixed:\n - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in\n hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or\n possibly execute arbitrary code via a crafted s->rx_level value in a\n savevm image (bsc#864655).\n - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed\n remote attackers to execute arbitrary code via a crafted arglen value in\n a savevm image (bsc#864391).\n - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in\n hw/display/ssd0323.c allowed remote attackers to cause a denial of\n service (memory corruption) or possibly execute arbitrary code via\n crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and\n row_end values; or (5) col_star and col_end values in a savevm image\n (bsc#864769).\n - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in\n hw/input/tsc210x.c might have allowed remote attackers to execute\n arbitrary code via a crafted (1) precision, (2) nextprecision, (3)\n function, or (4) nextfunction value in a savevm image (bsc#864805).\n - CVE-2014-0222: Integer overflow in the qcow_open function in\n block/qcow.c allowed remote attackers to cause a denial of service\n (crash) via a large L2 table in a QCOW version 1 image (bsc#877642).\n - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed\n local guest users to write to qemu memory locations and gain privileges\n via unspecified parameters related to rectangle handling (bsc#901508).\n - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote\n attackers to cause a denial of service (crash) via a small\n 
bytes_per_pixel value (bsc#902737).\n - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE\n functionality had multiple interpretations of a function's return value,\n which allowed guest OS users to cause a host OS denial of service\n (memory consumption or infinite loop, and system crash) via a PRDT with\n zero complete sectors, related to the bmdma_prepare_buf and\n ahci_dma_prepare_buf functions (bsc#928393).\n - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers\n to cause a denial of service (memory and CPU consumption) via a large\n (1) websocket payload or (2) HTTP headers section (bsc#924018).\n - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).\n - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands\n accepted by an ATAPI device, which allowed guest users to cause a denial\n of service or possibly have unspecified other impact via certain IDE\n commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty\n drive, which triggers a divide-by-zero error and instance crash\n (bsc#945404).\n - CVE-2015-7512: Buffer overflow in the pcnet_receive function in\n hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote\n attackers to cause a denial of service (guest OS crash) or execute\n arbitrary code via a large packet (bsc#957162).\n - CVE-2015-8345: eepro100: infinite loop in processing command block list\n (bsc#956829).\n - CVE-2015-8613: SCSI: stack based buffer overflow in\n megasas_ctrl_get_info (bsc#961358).\n - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334).\n - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions\n (bsc#960725).\n - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash\n via assert(2) call (bsc#960835).\n - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call\n (bsc#960707).\n - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands\n (bsc#961332).\n - 
CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed\n local PV guests to obtain sensitive information, cause a denial of\n service, gain privileges, or have unspecified other impact via a crafted\n page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2)\n MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3)\n unknown vectors related to page table updates (bsc#960861).\n - CVE-2016-1714: nvram: OOB r/w access in processing firmware\n configurations (bsc#961691).\n - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov\n routines (bsc#963782).\n - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write\n (bsc#964413).\n - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL\n pointer dereference (bsc#967013).\n - CVE-2016-2392: NULL pointer dereference in remote NDIS control message\n handling (bsc#967012).\n - CVE-2016-2538: Integer overflow in remote NDIS control message handling\n (bsc#967969).\n\n These non-security issues were fixed:\n - bsc#954872: script block-dmmd not working as expected\n - bsc#957698: DOM0 can't bring up on Dell PC\n - bsc#963923: domain weights not honored when sched-credit tslice is\n reduced\n - bsc#959332: SLES12SP1 PV guest is unreachable when restored or migrated\n - bsc#959695: Missing docs for xen\n\n", "edition": 1, "modified": "2016-03-30T20:07:33", "published": "2016-03-30T20:07:33", "id": "OPENSUSE-SU-2016:0914-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00096.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461"], "description": "QEMU is a generic and open source processor emulator 
which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2014-06-10T02:56:05", "published": "2014-06-10T02:56:05", "id": "FEDORA:0888F20BE1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-6.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2014-09-11T00:54:50", "published": "2014-09-11T00:54:50", "id": "FEDORA:56C2A22A60", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-8.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3970"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2014-07-26T00:11:13", "published": "2014-07-26T00:11:13", "id": "FEDORA:ADAE222CFE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-7.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. 
In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2014-10-08T19:01:39", "published": "2014-10-08T19:01:39", "id": "FEDORA:2585E20E97", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-9.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640", "CVE-2014-3689", "CVE-2014-7815"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2014-11-10T06:48:10", "published": "2014-11-10T06:48:10", "id": "FEDORA:E992D60F7AA9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-10.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640", "CVE-2014-3689", "CVE-2014-7815", "CVE-2014-7840"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. 
QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2014-12-23T18:30:21", "published": "2014-12-23T18:30:21", "id": "FEDORA:0C3FF60CF086", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-12.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640", "CVE-2014-3689", "CVE-2014-7815", "CVE-2014-7840", "CVE-2014-8106"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2015-02-17T08:05:08", "published": "2015-02-17T08:05:08", "id": "FEDORA:EACF360879A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-13.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640", "CVE-2014-3689", "CVE-2014-7815", "CVE-2014-7840", "CVE-2014-8106", "CVE-2015-3456"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2015-05-22T17:55:27", "published": "2015-05-22T17:55:27", "id": "FEDORA:4C485604E838", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-14.fc20", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2014-0144", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3044-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 04, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nCVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 \n CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223\n CVE-2014-3615 CVE-2014-3640\n\nSeveral vulnerabilities were discovered in qemu-kvm, a full \nvirtualization solution on x86 hardware: \n\n* Various security issues have been found in the block qemu drivers. 
\n Malformed disk images might result in the execution of arbitrary code.\n* A NULL pointer dereference in SLIRP may result in denial of service\n* An information leak was discovered in the VGA emulation\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6+deb7u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-10-04T19:27:21", "published": "2014-10-04T19:27:21", "id": "DEBIAN:DSA-3044-1:23B91", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00231.html", "title": "[SECURITY] [DSA 3044-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2014-0144", "CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3045-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 04, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 \n CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223\n CVE-2014-3615 CVE-2014-3640\n\nSeveral vulnerabilities were discovered in qemu, a fast processor \nemulator:\n\n* Various security issues have been found in the block qemu drivers. 
\n Malformed disk images might result in the execution of arbitrary code.\n* A NULL pointer dereference in SLIRP may result in denial of service\n* An information leak was discovered in the VGA emulation\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6a+deb7u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-10-04T19:28:01", "published": "2014-10-04T19:28:01", "id": "DEBIAN:DSA-3045-1:9607E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00232.html", "title": "[SECURITY] [DSA 3045-1] qemu security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0146", "CVE-2014-0223", "CVE-2013-4544", "CVE-2014-0144", "CVE-2014-2894", "CVE-2007-6227", "CVE-2014-0222", "CVE-2014-0145", "CVE-2014-0150", "CVE-2014-0143", "CVE-2014-3461", "CVE-2013-4377", "CVE-2014-0147", "CVE-2014-0142"], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.0.0-r1\"", "modified": "2014-09-02T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-17", "href": "https://security.gentoo.org/glsa/201408-17", "type": "gentoo", "title": "QEMU: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4536", "CVE-2014-0146", "CVE-2013-4542", "CVE-2014-0223", "CVE-2013-4526", "CVE-2014-0144", "CVE-2013-4527", "CVE-2014-3471", "CVE-2013-4533", "CVE-2013-4535", "CVE-2014-0222", "CVE-2013-6399", "CVE-2013-4541", "CVE-2013-4532", "CVE-2014-0145", "CVE-2014-0182", "CVE-2013-4531", "CVE-2013-4149", "CVE-2013-4148", "CVE-2013-4534", "CVE-2013-4537", "CVE-2014-0143", "CVE-2014-3461", "CVE-2013-4539", "CVE-2014-0147", "CVE-2013-4151", "CVE-2013-4530", "CVE-2013-4538", "CVE-2013-4529", "CVE-2014-0142", "CVE-2013-4540", "CVE-2013-4150"], "description": "Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple \nissues with QEMU state loading after migration. An attacker able to modify \nthe state data could use these issues to cause a denial of service, or \npossibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, \nCVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, \nCVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, \nCVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, \nCVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, \nCVE-2014-3461)\n\nKevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and \nothers discovered multiple issues in the QEMU block drivers. 
An attacker \nable to modify disk images could use these issues to cause a denial of \nservice, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, \nCVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, \nCVE-2014-0223)\n\nIt was discovered that QEMU incorrectly handled certain PCIe bus hotplug \noperations. A malicious guest could use this issue to crash the QEMU host, \nresulting in a denial of service. (CVE-2014-3471)", "edition": 5, "modified": "2014-09-08T00:00:00", "published": "2014-09-08T00:00:00", "id": "USN-2342-1", "href": "https://ubuntu.com/security/notices/USN-2342-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}