what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2015-5154

Status Candidate

Overview

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Related Files

Gentoo Linux Security Advisory 201510-02
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-2 - A heap-based buffer overflow in QEMU could result in execution of arbitrary code. Versions less than 2.3.0-r4 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2015-3209, CVE-2015-3214, CVE-2015-5154, CVE-2015-5158
SHA-256 | 947d9bf965c7d67dffe41ba0520fc50e4a6c74e1a0831f6018772274dde8386f
Debian Security Advisory 3348-1
Posted Sep 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3348-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3214, CVE-2015-5154, CVE-2015-5165, CVE-2015-5225, CVE-2015-5745
SHA-256 | d4caecd611d7206d6b576bd6b6ffb531a65be402acb6ce80027292d74d548c49
Red Hat Security Advisory 2015-1512-01
Posted Jul 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | 530e72ca2188050dcc033500673eaf1070ae047e520dfe654e66a7a68f67e08a
Ubuntu Security Notice USN-2692-1
Posted Jul 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2692-1 - Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3214, CVE-2015-5154, CVE-2015-5158
SHA-256 | 3ce14f5f91a3957a62189bc98416489ca3815723c67a8c178b27bc6f07b581b9
Red Hat Security Advisory 2015-1508-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1508-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | 00824dcce64f6db1345af18546421048f71ab7526a400efd8f3eb27dfb3700df
Red Hat Security Advisory 2015-1507-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1507-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | ddef7cd95b5ec264096b359446cefb22c25ef8d746777a0c5f1cc22a1c3f642f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close