RedHatRHSA-2015:0624(RHSA-2015:0624) Important: qemu-kvm-rhev security, bug fix, and enhancement update
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.891 High
EPSS
Percentile
98.2%
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM, in
environments managed by Red Hat Enterprise Virtualization Manager.
It was found that the Cirrus blit region checks were insufficient.
A privileged guest user could use this flaw to write outside of
VRAM-allocated buffer boundaries in the host’s QEMU process address space
with attacker-provided data. (CVE-2014-8106)
An uninitialized data structure use flaw was found in the way the
set_pixel_format() function sanitized the value of bits_per_pixel.
An attacker able to access a guest’s VNC console could use this flaw to
crash the guest. (CVE-2014-7815)
It was found that certain values that were read when loading RAM during
migration were not validated. A user able to alter the savevm data (either
on the disk or over the wire during migration) could use either of these
flaws to corrupt QEMU process memory on the (destination) host, which could
potentially result in arbitrary code execution on the host with the
privileges of the QEMU process. (CVE-2014-7840)
A NULL pointer dereference flaw was found in the way QEMU handled UDP
packets with a source port and address of 0 when QEMU’s user networking was
in use. A local guest user could use this flaw to crash the guest.
(CVE-2014-3640)
Red Hat would like to thank James Spadaro of Cisco for reporting
CVE-2014-7815, and Xavier Mehrenberger and Stephane Duverger of Airbus for
reporting CVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini
of Red Hat, and the CVE-2014-7840 issue was discovered by Michael S.
Tsirkin of Red Hat.
This update provides the enhanced version of the qemu-kvm-rhev packages for
Red Hat Enterprise Virtualization (RHEV) Hypervisor, which also fixes
several bugs and adds various enhancements.
All Red Hat Enterprise Virtualization users with deployed virtualization
hosts are advised to install these updated packages, which add this
enhancement. After installing this update, shut down all running virtual
machines. Once all virtual machines have shut down, start them again for
this update to take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | qemu-kvm-rhev | < 2.1.2-23.el7 | qemu-kvm-rhev-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | qemu-kvm-rhev-debuginfo | < 2.1.2-23.el7 | qemu-kvm-rhev-debuginfo-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | libcacard-tools-rhev | < 2.1.2-23.el7 | libcacard-tools-rhev-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | libcacard-rhev | < 2.1.2-23.el7 | libcacard-rhev-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | qemu-kvm-common-rhev | < 2.1.2-23.el7 | qemu-kvm-common-rhev-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | qemu-img-rhev | < 2.1.2-23.el7 | qemu-img-rhev-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | qemu-kvm-tools-rhev | < 2.1.2-23.el7 | qemu-kvm-tools-rhev-2.1.2-23.el7.x86_64.rpm |
| RedHat | 7 | src | qemu-kvm-rhev | < 2.1.2-23.el7 | qemu-kvm-rhev-2.1.2-23.el7.src.rpm |
| RedHat | 7 | x86_64 | libcacard-devel-rhev | < 2.1.2-23.el7 | libcacard-devel-rhev-2.1.2-23.el7.x86_64.rpm |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.891 High
EPSS
Percentile
98.2%