Rapid7 Vulnerability & Exploit Database

RHSA-2014:0420: qemu-kvm security update

Back to Search

RHSA-2014:0420: qemu-kvm security update

Severity
5
CVSS
(AV:A/AC:M/Au:S/C:P/I:P/A:P)
Published
04/18/2014
Created
07/25/2018
Added
04/23/2014
Modified
03/21/2018

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides theuser-space component for running virtual machines using KVM.Multiple integer overflow, input validation, logic error, and bufferoverflow flaws were discovered in various QEMU block drivers. An attackerable to modify a disk image file loaded by a guest could use these flaws tocrash the guest, or corrupt QEMU process memory on the host, potentiallyresulting in arbitrary code execution on the host with the privileges ofthe QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,CVE-2014-0147)A buffer overflow flaw was found in the way the virtio_net_handle_mac()function of QEMU processed guest requests to update the table of MACaddresses. A privileged guest user could use this flaw to corrupt QEMUprocess memory on the host, potentially resulting in arbitrary codeexecution on the host with the privileges of the QEMU process.(CVE-2014-0150)A divide-by-zero flaw was found in the seek_to_sector() function of theparallels block driver in QEMU. An attacker able to modify a disk imagefile loaded by a guest could use this flaw to crash the guest.(CVE-2014-0142)A NULL pointer dereference flaw was found in the QCOW2 block driver inQEMU. An attacker able to modify a disk image file loaded by a guest coulduse this flaw to crash the guest. (CVE-2014-0146)It was found that the block driver for Hyper-V VHDX images did notcorrectly calculate BAT (Block Allocation Table) entries due to a missingbounds check. An attacker able to modify a disk image file loaded by aguest could use this flaw to crash the guest. (CVE-2014-0148)The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnocziof Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, JeffCody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issueswere discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue wasdiscovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142,CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf ofRed Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody ofRed Hat.All qemu-kvm users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. After installing thisupdate, shut down all running virtual machines. Once all virtual machineshave shut down, start them again for this update to take effect.

Solution(s)

  • redhat-upgrade-qemu-guest-agent
  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools

References

  • redhat-upgrade-qemu-guest-agent
  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;