Mandriva Linux Security Advisory 2015-061 - Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other issues have also been addressed.
efc025d8f78ef3f1361bcdb1317e0ecdf4463dd8790e6a8c095fd9e4a59acb0bMandriva Linux Security Advisory 2014-220 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other security issues were also addressed.
480666aecbbb024a07215735219c58b0e7f5a12a96b93245aa388fe716692f65Debian Linux Security Advisory 3045-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
70386335468c79a9bd2bd25b77c7a646092311f40b2f6b2d2f8c4b641e26f40fDebian Linux Security Advisory 3044-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
e8599a5674fc1ceb3a5eeb1f77badb3c647eb985a9f21338ab517290856e4b31Ubuntu Security Notice 2342-1 - Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
5ffa3505d05ee8e3c4c8b580434d263c33d6ac7e8f2b62913fb8732e725391cbGentoo Linux Security Advisory 201408-17 - Multiple vulnerabilities have been found in QEMU, worst of which allows local attackers to execute arbitrary code. Versions less than 2.0.0-r1 are affected.
9d6ef3512527b948060fb59c7854bf14c239e1401b4d23ee32f8ef1c70a86be4Red Hat Security Advisory 2014-0435-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
65bcbea57d78d85c5b05751039889feb143cb53910b8e45ef7a82fd0655c3cadRed Hat Security Advisory 2014-0434-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
fb7001b7ad03be3d30a012695c3087eed9911c97c37beafb408f143bab5c00ddRed Hat Security Advisory 2014-0421-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
6bb6017ff037f6088c5db07a13171259bd985f61435dcf170ba95439f45a61c8Red Hat Security Advisory 2014-0420-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
5ff929048132cfe17cbd13f84dc1814a3f026c9794cbf817379cf915013f4b76
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed