
qemu: multiple vulnerabilities

Package(s): qemu
CVE #(s): CVE-2014-0222 CVE-2014-0223 CVE-2014-3461
Created: June 10, 2014
Updated: September 15, 2014
Description: From the Red Hat bugzilla:

CVE-2014-0223: The Qemu block driver for the QCOW version 1 image format is vulnerable to an integer overflow flaw. It occurs due to weak input validations or logic errors. Such an integer overflow could lead to buffer overflows, memory corruption or a crash in the Qemu instance.

A user able to alter the Qemu disk image files loaded by a guest could use this flaw to crash the Qemu instance, resulting in DoS, or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

CVE-2014-0222: The Qemu block driver for the QCOW version 1 image format is vulnerable to an integer overflow flaw. It occurs due to weak input validations or logic errors. Such an integer overflow could lead to buffer overflows, memory corruption or a crash in the Qemu instance.

A user able to alter the Qemu disk image files loaded by a guest could use this flaw to crash the Qemu instance, resulting in DoS, or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

CVE-2014-3461: Correct post load checks:

  1. dev->setup_len == sizeof(dev->data_buf) seems fine, no need to fail migration
  2. When state is DATA, passing index > len will cause memcpy with negative length, resulting in heap overflow

A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
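
The two post-load checks listed for CVE-2014-3461, sketched as an added example (not code from QEMU or from the bugzilla entry). The struct, the function names, the setup_index field name and the 4096-byte buffer size are assumptions made for illustration; only setup_len and data_buf appear in the text above.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified model of migrated device state; not QEMU's struct. */
struct dev_state {
    int32_t setup_len;      /* loaded from the savevm stream, untrusted */
    int32_t setup_index;    /* loaded from the savevm stream, untrusted */
    uint8_t data_buf[4096]; /* size constructed for this example */
};

/* Post-load check: reject loaded state that would later make
 * (setup_len - setup_index) negative or reach past data_buf.
 * Applied in every state, which is stricter than the DATA-only case. */
int dev_post_load(const struct dev_state *dev)
{
    if (dev->setup_len < 0 || dev->setup_index < 0) {
        return -EINVAL;
    }
    /* Item 1: setup_len == sizeof(data_buf) is valid, so compare with '>'. */
    if ((size_t)dev->setup_len > sizeof(dev->data_buf)) {
        return -EINVAL;
    }
    /* Item 2: index > len would turn into a negative memcpy length. */
    if (dev->setup_index > dev->setup_len) {
        return -EINVAL;
    }
    return 0;
}

/* Models the DATA-state consumer: copies the remaining bytes only when the
 * state validates. Returns bytes copied or a negative errno value. */
int dev_copy_remaining(const struct dev_state *dev, uint8_t *out, size_t out_len)
{
    int rc = dev_post_load(dev);
    if (rc != 0) {
        return rc;
    }
    /* Safe: validation guarantees 0 <= index <= len <= sizeof(data_buf). */
    size_t remaining = (size_t)(dev->setup_len - dev->setup_index);
    if (remaining > out_len) {
        remaining = out_len;
    }
    memcpy(out, dev->data_buf + dev->setup_index, remaining);
    return (int)remaining;
}
```

Without the third check, the subtraction yields a negative int that is converted to a very large size_t when passed to memcpy, which is the heap overflow the description refers to.
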
Alerts:
SUSE SUSE-SU-2016:1745-1 xen 2016-07-06
SUSE SUSE-SU-2016:1445-1 Xen 2016-05-30
SUSE SUSE-SU-2016:1318-1 xen 2016-05-17
SUSE SUSE-SU-2016:1154-1 xen 2016-04-26
openSUSE openSUSE-SU-2016:0995-1 xen 2016-04-08
SUSE SUSE-SU-2016:0955-1 xen 2016-04-05
openSUSE openSUSE-SU-2016:0914-1 xen 2016-03-30
SUSE SUSE-SU-2016:0873-1 xen 2016-03-24
SUSE SUSE-SU-2016:0658-1 Xen 2016-03-04
openSUSE openSUSE-SU-2015:2003-1 xen 2015-11-17
openSUSE openSUSE-SU-2015:1965-1 xen 2015-11-12
openSUSE openSUSE-SU-2015:1964-1 xen 2015-11-12
SUSE SUSE-SU-2015:1952-1 xen 2015-11-10
SUSE SUSE-SU-2015:1908-1 xen 2015-11-04
SUSE SUSE-SU-2015:1894-1 xen 2015-11-03
SUSE SUSE-SU-2015:1853-1 xen 2015-10-30
SUSE SUSE-SU-2015:0929-1 KVM 2015-05-22
Mandriva MDVSA-2015:061 qemu 2015-03-13
Oracle ELSA-2015-0349 qemu-kvm 2015-03-12
Mandriva MDVSA-2014:220 qemu 2014-11-21
Mageia MGASA-2014-0426 qemu 2014-10-28
Debian DSA-3044-1 qemu-kvm 2014-10-04
Debian DSA-3045-1 qemu 2014-10-04
Red Hat RHSA-2014:1268-01 qemu-kvm-rhev 2014-09-22
Red Hat RHSA-2014:1187-01 qemu-kvm-rhev 2014-09-15
Ubuntu USN-2342-1 qemu, qemu-kvm 2014-09-08
Gentoo 201408-17 qemu 2014-08-30
Oracle ELSA-2014-1075 qemu-kvm 2014-08-19
CentOS CESA-2014:1075 qemu-kvm 2014-08-19
Scientific Linux SLSA-2014:1075-1 qemu-kvm 2014-08-19
Red Hat RHSA-2014:1075-01 qemu-kvm 2014-08-19
CentOS CESA-2014:0927 qemu-kvm 2014-07-25
Red Hat RHSA-2014:0888-01 qemu-kvm-rhev 2014-07-24
Oracle ELSA-2014-0927 qemu-kvm 2014-07-23
Red Hat RHSA-2014:0927-01 qemu-kvm 2014-07-23
Scientific Linux SLSA-2014:0743-1 qemu-kvm 2014-06-11
Red Hat RHSA-2014:0743-01 qemu-kvm 2014-06-10
CentOS CESA-2014:0743 qemu-kvm 2014-06-11
Oracle ELSA-2014-0743 qemu-kvm 2014-06-10
Fedora FEDORA-2014-6970 qemu 2014-06-10
