307 matches found
Qemu: ide: ahci use-after-free vulnerability in aio port commands
A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...
Qemu: nvram: OOB r/w access in processing firmware configurations
An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with...
Qemu: nvram: OOB r/w access in processing firmware configurations
An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with...
Qemu: nvram: OOB r/w access in processing firmware configurations
An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with...
USN-2828-1 qemu, qemu-kvm vulnerabilities
Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption, resulting in a denial of service. (CVE-2015-7295) Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the pcnet driver when used in...
qemu: Heap overflow vulnerability in ne2000_receive() function
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host...
qemu: Heap overflow vulnerability in ne2000_receive() function
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host...
Qemu: ui: vnc: heap memory corruption in vnc_refresh_server_surface
A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process...
USN-2736-1 spice vulnerability
Frediano Ziglio discovered that Spice incorrectly handled monitor configs. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attacke...
UBUNTU-CVE-2015-5260
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter...
SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1479-1)
xen was updated to fix the following security issues : - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) - CVE-2015-2751: Certain domctl operations could have be...
SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2015:1455-1)
kvm was updated to fix one security issue. This security issue was fixed : - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
DEBIAN-CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
SUSE-SU-2015:1472-1 Security update for kvm
kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)...
SUSE SLES11 Security Update : xen (SUSE-SU-2015:1408-1)
This security update of Xen fixes the following issues : - bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165) - bsc#938344: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM (CVE-2015-5154) Note that Tenable Network Security has extracted the...
DEBIAN-CVE-2015-5154
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...
SUSE-SU-2015:1479-2 Security update for xen
xen was updated to fix the following security issues: - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) - CVE-2015-2751: Certain domctl operations could have be used to...
SUSE-SU-2015:1479-1 Security update for xen
xen was updated to fix the following security issues: - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) - CVE-2015-2751: Certain domctl operations could have be used to...
SUSE-SU-2015:1421-1 Security update for xen
Xen was updated to fix the following security issues: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712)...
SUSE-SU-2015:1408-1 Security update for xen
This security update of Xen fixes the following issues: - bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165) - bsc#938344: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM (CVE-2015-5154)...