Red Hat Security Advisory 2015-0349-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest.
88d94c7ab506e99fd24176341a61bb2cb42a9aa09fc34eacb71a4b557623aadfRed Hat Security Advisory 2015-0624-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Virtualization Manager. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest.
9f25d6ad12441e1e0e03b96c1483d8d9610e0f798f5e557972eef57a29a6617fGentoo Linux Security Advisory 201412-1 - Multiple vulnerabilities have been found in QEMU, the worst of which allows context dependent attackers to cause Denial of Service. Versions less than 2.1.2-r1 are affected.
db1a5bd8e4e947de1f052c0efff6a9541782125b666407bd6f444a122ac0d75eUbuntu Security Notice 2409-1 - Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. Various other issues were also addressed.
0560bed7a0207b09b9eee574c086a9c96540723b7c21d6b2f08c965ea0f7d038Debian Linux Security Advisory 3067-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
bae8184d28773efc0a9ada0165192aed9ed93505d36ada9b6e91c8e8e62d0d99Debian Linux Security Advisory 3066-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
cc7e4bf973603b22929a3001501a664de8cea19fff8e2e523e37a0b84ec81030
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed