Gentoo Linux Security Advisory 201612-27 - Multiple vulnerabilities have been found in VirtualBox, the worst of which allows local users to escalate privileges. Versions before 4.3.28 are affected.
8018cb397a0a196ca1155a3ee23c7a87d2f3e59d927afeeae104ca1ff0205aa0Gentoo Linux Security Advisory 201604-3 - Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Versions less than 4.6.0-r9 are affected.
a7e9bd9d6342dd146c7a64ee40be706e83549d090ba7149e7ac964a6280a8109Gentoo Linux Security Advisory 201602-1 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected.
cae04eed58ae8cd630be1884c1bb0f33cd229432b115814282bbffc1e4740738HP Security Bulletin HPSBMU03349 1 - A potential security vulnerability has been identified with HP Helion CloudSystem. The vulnerability could be exploited locally resulting in Denial of Service (DoS) or execution of arbitrary code. Notes: This is the vulnerability known as "Virtual Environment Neglected Operations Manipulation" also known as "VENOM". This vulnerability exists in the floppy disk controller driver of QEMU, an open-source virtualization technology used to provision guest Virtual Machines. This vulnerability affects all versions of QEMU and could lead to hypervisor breakout, where a user of the guest VM can gain control of the host. HP Helion CloudSystem leverages QEMU as a core part of its virtualization functionality and is therefore affected by this vulnerability. Revision 1 of this advisory.
98a9283d333907883fa3dcd3c1601d04aa5b59a6594cc587e75494a7a0b44299Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.
e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551eRed Hat Security Advisory 2015-1031-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
93eb47392028955345a8256ae44071c1080466c5f4ea43f0ba141a0112927614HP Security Bulletin HPSBMU03336 - A potential security vulnerability has identified with HP Helion OpenStack. The vulnerability could be exploited resulting in Denial of Service (DoS) or execution of arbitrary code. Revision 1 of this advisory.
7704cc07176751fa9734b71a387deda7db02facc204f3c1ed040b34d5919fac8Debian Linux Security Advisory 3262-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.
f85b7e0dba35842d0a29aa4cdf7466ad52be076a8bdee2b113210207ea2f0fe7Red Hat Security Advisory 2015-1011-01 - The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
fcbc36d6af9b56bdac9fa408b51df2cd12d225527fdf8a1df853277bc89bbdfdRed Hat Security Advisory 2015-1004-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
3ab0adad6fdda3667b0f1e811a8d230ad26a1f9bb5f02a2fa6f520bf3b3b42f7Red Hat Security Advisory 2015-1000-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
03f03d53cedd59584831f1b0029666475f5a81ddb57f12c6ce52d258b2f1a3cdRed Hat Security Advisory 2015-0999-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
8b8a9a5f38747ef44b28cfced166cfbeee90228726e80b1798327876421a726aRed Hat Security Advisory 2015-1001-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
601caacd379172315f6cfffb985b4159a96e67bb16763d5a658276647f625617Red Hat Security Advisory 2015-1003-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
422cb9cd2c5794c27203769b3c622eee2665f29cb4a6305ca8a00af32b1ea44bRed Hat Security Advisory 2015-1002-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
36b8dc0dc040f168bcfb6d3931f9b68020149d31e605934b0251afd569aa45b8Red Hat Security Advisory 2015-0998-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
4560d87105d92523f195c69d8a771fe7e08b0abb29590473f66f27e5963fe158Ubuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.
8016922249d1200857b855be754556a4986b2239c15572207796d8c4f2e6d88fDebian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.
0023f319a16ece6a882500e80e69ae44288802e335ef47565d8d36f8fc537ea8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed