
Debian: DSA-2933-1 Critical: Qemu-Kvm Buffer Overflow Threat

May 19, 2014
In response to security flaws found in qemu-kvm, Debian recommends that users update their software packages to enhance protection.

Summary

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2013-4344

Buffer overflow in the SCSI implementation in QEMU,
when a SCSI controller has more than 256 attached devices, allows
local users to gain privileges via a small transfer buffer in a
REPORT LUNS command.

CVE-2014-2894

Off-by-one error in the cmd_smart function in the smart self test in
hw/ide/core.c in QEMU allows local users to have
unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6+deb7u3.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/



Severity: critical

Package: qemu-kvm
CVE ID: CVE-2013-4344 CVE-2014-2894
