12 matches found
Security Bulletin: PowerKVM is affected by a qemu vulnerability (CVE-2014-9718)
Summary PowerKVM is affected by a qemu vulnerability. Vulnerability Details CVEID: CVE-2014-9718 DESCRIPTION: QEMU is vulnerable to a denial of service, caused by the failure to restrict malicious PRDT data from flowing from a guest to the host's IDE or AHCI controllers. A remote attacker could...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1)
xen was updated to fix 47 security issues. These security issues were fixed : - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers bnc864673. - CVE-2013-4529: Buffer overflow in hw/pci/pcieaer...
[USN-2724-1] QEMU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2724-1 August 27, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
USN-2724-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-9718 Donghai Zhu discovered that QEMU...
[SECURITY] [DSA 3259-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3259-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 13, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3259-1 (qemu - security update)
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder...
DSA-3259-1 qemu - security update
Bulletin has no description...
Debian DSA-3259-1 : qemu - security update (Venom)
Several vulnerabilities were discovered in the qemu virtualisation solution : - CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. - CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. -...
CVE-2014-9718
CVE-2014-9718 affects QEMU 1.0–2.1.3 (IDE: BMDMA and AHCI HBA). The vulnerability comes from multiple interpretations of a function return value in bmdma_prepare_buf/ahci_dma_prepare_buf, allowing a guest OS user to trigger host DoS via a PRDT with zero complete sectors, potentially causing memor...
CVE-2014-9718
The 1 BMDMA and 2 AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service memory consumption or infinite loop, and system crash via a PRDT with zero complete...