Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Debian: DSA-3348-1 Critical: QEMU Execution Issues And Fixes

debian
Calendar Grey September 2, 2015
Debian Logo
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities were discovered in qemu, a fast processor emulator

Summary

CVE-2015-3214

Matt Tait of Google's Project Zero security team discovered a flaw
in the QEMU i8254 PIT emulation. A privileged guest user in a guest
with QEMU PIT emulation enabled could potentially use this flaw to
execute arbitrary code on the host with the privileges of the
hosting QEMU process.

CVE-2015-5154

Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
IDE subsystem in QEMU while processing certain ATAPI commands. A
privileged guest user in a guest with the CDROM drive enabled could
potentially use this flaw to execute arbitrary code on the host with
the privileges of the hosting QEMU process.

CVE-2015-5165

Donghai Zhu discovered that the QEMU model of the RTL8139 network
card did not sufficiently validate inputs in the C+ mode offload
emulation, allowing a malicious guest to read uninitialized memory
from the QEMU process's heap.

CVE-2015-5225

Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc
di...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: qemu
CVE ID: CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.