25 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-3214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pitioportread in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might...
RHEL 7 : qemu-kvm-rhev (RHSA-2015:1508)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1508 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...
QEMU i8254 PIT Emulation Bug
Lenovo Security Advisory: LEN-2015-075 Potential Impact: Escalation of Privileges Severity: High Summary: A vulnerability was reported in QEMU where a local user on the guest system could potentially obtain elevated privileges on the target host system. This vulnerability was reported to Red Hat...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
Gentoo Security Advisory GLSA 201510-02
Gentoo Linux Local Security Checks GLSA 201510-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Debian DSA-3348-1 : qemu - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3214 Matt Tait of Google's Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to...
[SECURITY] [DSA 3348-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3348-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 02, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3348-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3214 Matt Tait of Google OpenVAS Vulnerability Test $Id: deb3348.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3348-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...
Fedora Update for qemu FEDORA-2015-13404
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-3348-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-3214
The pitioportread in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
CVE-2015-3214
The pitioportread in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
CVE-2015-3214
CVE-2015-3214 affects QEMU prior to 2.3.1 (pit_ioport_read in i8254.c) and Linux kernel prior to 2.6.33. The flaw does not distinguish between read and write lengths, potentially allowing a privileged guest user (with PIT emulation enabled) to trigger an invalid index and cause arbitrary host cod...
Fedora 23 : qemu-2.4.0-1.fc23 (2015-13358)
Rebased to version 2.4.0 Support for virtio-gpu, 2D only Support for virtio-based keyboard/mouse/tablet emulation x86 support for memory hot-unplug - ACPI v5.1 table support for 'virt' board CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path bz 1230536 CVE-2015-3214: i8254: out-of-...
Fedora Update for qemu FEDORA-2015-13402
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : qemu-2.3.1-1.fc22 (2015-13402)
Rebased to version 2.3.1 - Fix crash in qemuspicecreatedisplay bz 1163047 - Fix qemu-img map crash for unaligned image bz 1229394 - CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path bz 1230536 - CVE-2015-3214: i8254: out-of-bounds memory access bz 1243728 - CVE-2015-5158: scsi...
SOL17057 - QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
RedHat Update for qemu-kvm RHSA-2015:1507-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2692-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2692-1 advisory. Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denia...