Mandriva Linux Security Advisory 2014-220 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other security issues were also addressed.
480666aecbbb024a07215735219c58b0e7f5a12a96b93245aa388fe716692f65Gentoo Linux Security Advisory 201408-17 - Multiple vulnerabilities have been found in QEMU, worst of which allows local attackers to execute arbitrary code. Versions less than 2.0.0-r1 are affected.
9d6ef3512527b948060fb59c7854bf14c239e1401b4d23ee32f8ef1c70a86be4Ubuntu Security Notice 2182-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Various other issues were also addressed.
9700f1e369f6c75392ba440defb4087b4a9b1b71d9338c9338c67279882a6a1eRed Hat Security Advisory 2014-0435-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
65bcbea57d78d85c5b05751039889feb143cb53910b8e45ef7a82fd0655c3cadRed Hat Security Advisory 2014-0434-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
fb7001b7ad03be3d30a012695c3087eed9911c97c37beafb408f143bab5c00ddRed Hat Security Advisory 2014-0421-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
6bb6017ff037f6088c5db07a13171259bd985f61435dcf170ba95439f45a61c8Red Hat Security Advisory 2014-0420-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
5ff929048132cfe17cbd13f84dc1814a3f026c9794cbf817379cf915013f4b76Debian Linux Security Advisory 2910-1 - Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.
52575665baaeb878ce9083fe942d1d6fc71a1cdb48ddddbf66a810e4959d714cDebian Linux Security Advisory 2909-1 - Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.
d5a88db7fc21bba30775e197759c2a16f7fc56b2f46b2263b0fa4c19795bc6ad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed