Gentoo Linux Security Advisory 201604-3 - Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Versions less than 4.6.0-r9 are affected.
a7e9bd9d6342dd146c7a64ee40be706e83549d090ba7149e7ac964a6280a8109
Gentoo Linux Security Advisory 201309-24 - Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Versions less than 4.2.2-r1 are affected.
42fbd346dc4e79100c814835fd5068ef0a6bd2ccc23977307e7f191f8be1cc22
Mandriva Linux Security Advisory 2013-121 - A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long /tmp. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu , or to point to an attacker-readable file that could expose data from the guest to the attacker. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.
0f5d0689948e74e63089abe6af1a0447a0fe343b5e6c2298fef30b4a9d5cf5b8
Red Hat Security Advisory 2012-1325-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
944168e949627ab2a24f35e55778352642902fc4e44ebfab3c03a60103a92ae1
Ubuntu Security Notice 1590-1 - It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.
2f4a48df39c34c1e17c872a0649f0c680158ab4cbab47d1918aa15775146a20f
Red Hat Security Advisory 2012-1262-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
11979e71f57cd7fa51e61d9196b4b841df1d1259804ccd26b3beef5ccec7db4a
Debian Linux Security Advisory 2545-1 - Multiple vulnerabilities have been discovered in qemu, a fast processor emulator.
8e5c7692bbe174766d9b636a0cc8c8fe9870a09a5a9c7ad9cfbcae5653433f52
Debian Linux Security Advisory 2543-1 - Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen Qemu Device Model virtual machine hardware emulator.
6c76faea6ac6cbfa1c9eda1f30e879928782ec2b1071c8550ad28724c9bf136a
Debian Linux Security Advisory 2542-1 - Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware.
00685f3c7620cdca669660f768658bfc96ecb973fbc7077496fc77baee3a9f0f
Red Hat Security Advisory 2012-1235-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.
2e72404216c3ee627824dd4a583eb5f74d5968989dd2fb3e58110197360a194d
Red Hat Security Advisory 2012-1234-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.
6a384c1a9ccd0779f022edf973bed9cfca61a4984ea14e178600b74973b2f749
Red Hat Security Advisory 2012-1236-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.
5a437dc88e25e547dd5a7f8d93690e54170211af6651faf9d1b63726921ed829
Red Hat Security Advisory 2012-1233-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. When using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed by Red Hat Enterprise Virtualization:
e3a4ad3b13850d26853b138ed415d5a6fb1f4177d92964ebb3a55a1b66817641