Rapid7 Vulnerability & Exploit Database

RHSA-2014:0743: qemu-kvm security and bug fix update

Back to Search

RHSA-2014:0743: qemu-kvm security and bug fix update



KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides theuser-space component for running virtual machines using KVM.Multiple buffer overflow, input validation, and out-of-bounds write flawswere found in the way the virtio, virtio-net, virtio-scsi, and usb driversof QEMU handled state loading after migration. A user able to alter thesavevm data (either on the disk or over the wire during migration) coulduse either of these flaws to corrupt QEMU process memory on the(destination) host, which could potentially result in arbitrary codeexecution on the host with the privileges of the QEMU process.(CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541,CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)An out-of-bounds memory access flaw was found in the way QEMU's IDE devicedriver handled the execution of SMART EXECUTE OFFLINE commands.A privileged guest user could use this flaw to corrupt QEMU process memoryon the host, which could potentially result in arbitrary code execution onthe host with the privileges of the QEMU process. (CVE-2014-2894)The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536,CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, andCVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat,Anthony Liguori, and Michael Roth.This update also fixes the following bugs:Can't assign device inside non-zero PCI segment as this KVM module doesn'tsupport it.This update fixes this issue and guests using the aforementionedconfiguration no longer fail to start. (BZ#1099941)All qemu-kvm users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. After installing thisupdate, shut down all running virtual machines. Once all virtual machineshave shut down, start them again for this update to take effect.


  • redhat-upgrade-qemu-guest-agent
  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center