qemu: multiple vulnerabilities

Package(s): qemu
CVE #(s): CVE-2015-7549 CVE-2015-8558 CVE-2015-8666 CVE-2015-8744 CVE-2015-8745
Created: January 12, 2016
Updated: January 20, 2016
Description: From the Red Hat bugzilla:

CVE-2015-7549: Qemu emulator built with the PCI MSI-X support is vulnerable to a null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array (PBA) memory region, because the MSI-X MMIO support did not define the .write method.

A privileged user inside the guest could use this flaw to crash the Qemu process, resulting in a DoS issue.

CVE-2015-8558: Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between the host controller interface (EHCI) and a respective device driver. These two communicate via an isochronous transfer descriptor list (iTD), and an infinite loop unfolds if there is a closed loop in this list.

A privileged user inside the guest could use this flaw to consume excessive CPU cycles & resources on the host.

CVE-2015-8666: Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more (8 bytes) data is moved than the allocated memory area.

A privileged guest user could use this issue to corrupt the VM guest image, potentially leading to a DoS. This issue affects q35 machine types.

CVE-2015-8744: Qemu emulator built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends Layer-2 packets smaller than 22 bytes.

A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu process instance, resulting in DoS.

CVE-2015-8745: Qemu emulator built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It could occur while reading Interrupt Mask Registers (IMR).

A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu process instance, resulting in DoS.

Alerts:
openSUSE openSUSE-SU-2016:2494-1 xen 2016-10-11
SUSE SUSE-SU-2016:1785-1 kvm 2016-07-11
openSUSE openSUSE-SU-2016:1750-1 qemu 2016-07-06
SUSE SUSE-SU-2016:1745-1 xen 2016-07-06
SUSE SUSE-SU-2016:1703-1 qemu 2016-06-29
SUSE SUSE-SU-2016:1698-1 kvm 2016-06-28
Fedora FEDORA-2016-e1784417af xen 2016-02-01
Fedora FEDORA-2016-2c15b72b01 xen 2016-01-28
Fedora FEDORA-2016-42778e8c82 qemu 2016-01-24
Fedora FEDORA-2016-890e612f52 qemu 2016-01-19
Mageia MGASA-2016-0023 qemu 2016-01-17
openSUSE openSUSE-SU-2016:0126-1 xen 2016-01-14
openSUSE openSUSE-SU-2016:0124-1 xen 2016-01-14
openSUSE openSUSE-SU-2016:0123-1 xen 2016-01-14
Fedora FEDORA-2016-e9bba2bb01 qemu 2016-01-12
SUSE SUSE-SU-2016:1560-1 qemu 2016-06-13
Arch Linux ASA-201606-8 qemu-arch-extra 2016-06-08
Arch Linux ASA-201606-8 qemu 2016-06-08
SUSE SUSE-SU-2016:1318-1 xen 2016-05-17
SUSE SUSE-SU-2016:1154-1 xen 2016-04-26
openSUSE openSUSE-SU-2016:0995-1 xen 2016-04-08
SUSE SUSE-SU-2016:0955-1 xen 2016-04-05
openSUSE openSUSE-SU-2016:0914-1 xen 2016-03-30
SUSE SUSE-SU-2016:0873-1 xen 2016-03-24
Debian DSA-3470-1 qemu-kvm 2016-02-08
Debian DSA-3471-1 qemu 2016-02-08
Debian DSA-3469-1 qemu 2016-02-08
Gentoo 201602-01 qemu 2016-02-04
Ubuntu USN-2891-1 qemu, qemu-kvm 2016-02-03


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds