Rapid7 Vulnerability & Exploit Database

RHSA-2015:0349: qemu-kvm security, bug fix, and enhancement update

Back to Search

RHSA-2015:0349: qemu-kvm security, bug fix, and enhancement update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
12/12/2014
Created
07/25/2018
Added
03/09/2015
Modified
07/04/2017

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-spacecomponent for running virtual machines using KVM.It was found that the Cirrus blit region checks were insufficient. A privilegedguest user could use this flaw to write outside of VRAM-allocated bufferboundaries in the host's QEMU process address space with attacker-provided data.(CVE-2014-8106)An uninitialized data structure use flaw was found in the way theset_pixel_format() function sanitized the value of bits_per_pixel. An attackerable to access a guest's VNC console could use this flaw to crash the guest.(CVE-2014-7815)It was found that certain values that were read when loading RAM duringmigration were not validated. A user able to alter the savevm data (either onthe disk or over the wire during migration) could use either of these flaws tocorrupt QEMU process memory on the (destination) host, which could potentiallyresult in arbitrary code execution on the host with the privileges of the QEMUprocess. (CVE-2014-7840)A NULL pointer dereference flaw was found in the way QEMU handled UDP packetswith a source port and address of 0 when QEMU's user networking was in use. Alocal guest user could use this flaw to crash the guest. (CVE-2014-3640)Red Hat would like to thank James Spadaro of Cisco for reporting CVE-2014-7815,and Xavier Mehrenberger and Stephane Duverger of Airbus for reportingCVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini of Red Hat,and the CVE-2014-7840 issue was discovered by Michael S. Tsirkin of Red Hat.Bug fixes:Enhancements:

Solution(s)

  • redhat-upgrade-libcacard
  • redhat-upgrade-libcacard-devel
  • redhat-upgrade-libcacard-tools
  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-common
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools

References

  • redhat-upgrade-libcacard
  • redhat-upgrade-libcacard-devel
  • redhat-upgrade-libcacard-tools
  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-common
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;