ID CVE-2014-0150
Summary Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • QEMU 0.1
    cpe:2.3:a:qemu:qemu:0.1
  • QEMU 0.1.1
    cpe:2.3:a:qemu:qemu:0.1.1
  • QEMU 0.1.2
    cpe:2.3:a:qemu:qemu:0.1.2
  • QEMU 0.1.3
    cpe:2.3:a:qemu:qemu:0.1.3
  • QEMU 0.1.4
    cpe:2.3:a:qemu:qemu:0.1.4
  • QEMU 0.1.5
    cpe:2.3:a:qemu:qemu:0.1.5
  • QEMU 0.1.6
    cpe:2.3:a:qemu:qemu:0.1.6
  • QEMU 0.2
    cpe:2.3:a:qemu:qemu:0.2
  • QEMU 0.3
    cpe:2.3:a:qemu:qemu:0.3
  • QEMU 0.4
    cpe:2.3:a:qemu:qemu:0.4
  • QEMU 0.4.1
    cpe:2.3:a:qemu:qemu:0.4.1
  • QEMU 0.4.2
    cpe:2.3:a:qemu:qemu:0.4.2
  • QEMU 0.4.3
    cpe:2.3:a:qemu:qemu:0.4.3
  • QEMU 0.5.0
    cpe:2.3:a:qemu:qemu:0.5.0
  • QEMU 0.5.1
    cpe:2.3:a:qemu:qemu:0.5.1
  • QEMU 0.5.2
    cpe:2.3:a:qemu:qemu:0.5.2
  • QEMU 0.5.3
    cpe:2.3:a:qemu:qemu:0.5.3
  • QEMU 0.5.4
    cpe:2.3:a:qemu:qemu:0.5.4
  • QEMU 0.5.5
    cpe:2.3:a:qemu:qemu:0.5.5
  • QEMU 0.6.0
    cpe:2.3:a:qemu:qemu:0.6.0
  • QEMU 0.6.1
    cpe:2.3:a:qemu:qemu:0.6.1
  • QEMU 0.7.0
    cpe:2.3:a:qemu:qemu:0.7.0
  • QEMU 0.7.1
    cpe:2.3:a:qemu:qemu:0.7.1
  • QEMU 0.7.2
    cpe:2.3:a:qemu:qemu:0.7.2
  • QEMU 0.8.0
    cpe:2.3:a:qemu:qemu:0.8.0
  • QEMU 0.8.1
    cpe:2.3:a:qemu:qemu:0.8.1
  • QEMU 0.8.2
    cpe:2.3:a:qemu:qemu:0.8.2
  • QEMU 0.9.0
    cpe:2.3:a:qemu:qemu:0.9.0
  • QEMU 0.9.1
    cpe:2.3:a:qemu:qemu:0.9.1
  • QEMU 0.9.1-5
    cpe:2.3:a:qemu:qemu:0.9.1-5
  • QEMU 0.10.0
    cpe:2.3:a:qemu:qemu:0.10.0
  • QEMU 0.10.1
    cpe:2.3:a:qemu:qemu:0.10.1
  • QEMU 0.10.2
    cpe:2.3:a:qemu:qemu:0.10.2
  • QEMU 0.10.3
    cpe:2.3:a:qemu:qemu:0.10.3
  • QEMU 0.10.4
    cpe:2.3:a:qemu:qemu:0.10.4
  • QEMU 0.10.5
    cpe:2.3:a:qemu:qemu:0.10.5
  • QEMU 0.10.6
    cpe:2.3:a:qemu:qemu:0.10.6
  • QEMU 0.11.0
    cpe:2.3:a:qemu:qemu:0.11.0
  • QEMU 0.11.0-rc0
    cpe:2.3:a:qemu:qemu:0.11.0:rc0
  • QEMU 0.11.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.11.0:rc1
  • QEMU 0.11.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.11.0:rc2
  • QEMU 0.11.0-rc0
    cpe:2.3:a:qemu:qemu:0.11.0-rc0
  • QEMU 0.11.0-rc1
    cpe:2.3:a:qemu:qemu:0.11.0-rc1
  • QEMU 0.11.0-rc2
    cpe:2.3:a:qemu:qemu:0.11.0-rc2
  • QEMU 0.11.1
    cpe:2.3:a:qemu:qemu:0.11.1
  • QEMU 0.12.0
    cpe:2.3:a:qemu:qemu:0.12.0
  • QEMU 0.12.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.12.0:rc1
  • QEMU 0.12.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.12.0:rc2
  • QEMU 0.12.1
    cpe:2.3:a:qemu:qemu:0.12.1
  • QEMU 0.12.2
    cpe:2.3:a:qemu:qemu:0.12.2
  • QEMU 0.12.3
    cpe:2.3:a:qemu:qemu:0.12.3
  • QEMU 0.12.4
    cpe:2.3:a:qemu:qemu:0.12.4
  • QEMU 0.12.5
    cpe:2.3:a:qemu:qemu:0.12.5
  • QEMU 0.13.0
    cpe:2.3:a:qemu:qemu:0.13.0
  • QEMU 0.13.0 release candidate 0
    cpe:2.3:a:qemu:qemu:0.13.0:rc0
  • QEMU 0.13.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.13.0:rc1
  • QEMU 0.14.0
    cpe:2.3:a:qemu:qemu:0.14.0
  • QEMU 0.14.0 release candidate 0
    cpe:2.3:a:qemu:qemu:0.14.0:rc0
  • QEMU 0.14.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.14.0:rc1
  • QEMU 0.14.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.14.0:rc2
  • QEMU 0.14.1
    cpe:2.3:a:qemu:qemu:0.14.1
  • QEMU 0.15.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.15.0:rc1
  • QEMU 0.15.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.15.0:rc2
  • QEMU 0.15.1
    cpe:2.3:a:qemu:qemu:0.15.1
  • QEMU 0.15.2
    cpe:2.3:a:qemu:qemu:0.15.2
  • QEMU 1.0
    cpe:2.3:a:qemu:qemu:1.0
  • QEMU 1.0 release candidate 1
    cpe:2.3:a:qemu:qemu:1.0:rc1
  • QEMU 1.0 release candidate 2
    cpe:2.3:a:qemu:qemu:1.0:rc2
  • QEMU 1.0 release candidate 3
    cpe:2.3:a:qemu:qemu:1.0:rc3
  • QEMU 1.0 release candidate 4
    cpe:2.3:a:qemu:qemu:1.0:rc4
  • QEMU 1.0.1
    cpe:2.3:a:qemu:qemu:1.0.1
  • QEMU 1.1
    cpe:2.3:a:qemu:qemu:1.1
  • QEMU 1.1 release candidate 1
    cpe:2.3:a:qemu:qemu:1.1:rc1
  • QEMU 1.1 release candidate 2
    cpe:2.3:a:qemu:qemu:1.1:rc2
  • QEMU 1.1 release candidate 3
    cpe:2.3:a:qemu:qemu:1.1:rc3
  • QEMU 1.1 release candidate 4
    cpe:2.3:a:qemu:qemu:1.1:rc4
  • QEMU 1.4.1
    cpe:2.3:a:qemu:qemu:1.4.1
  • QEMU 1.4.2
    cpe:2.3:a:qemu:qemu:1.4.2
  • QEMU 1.5.0
    cpe:2.3:a:qemu:qemu:1.5.0
  • QEMU 1.5.0 release candidate 1
    cpe:2.3:a:qemu:qemu:1.5.0:rc1
  • QEMU 1.5.0 release candidate 2
    cpe:2.3:a:qemu:qemu:1.5.0:rc2
  • QEMU 1.5.0 release candidate 3
    cpe:2.3:a:qemu:qemu:1.5.0:rc3
  • QEMU 1.5.1
    cpe:2.3:a:qemu:qemu:1.5.1
  • QEMU 1.5.2
    cpe:2.3:a:qemu:qemu:1.5.2
  • QEMU 1.5.3
    cpe:2.3:a:qemu:qemu:1.5.3
  • QEMU 1.6.0
    cpe:2.3:a:qemu:qemu:1.6.0
  • QEMU 1.6.0 release candidate 1
    cpe:2.3:a:qemu:qemu:1.6.0:rc1
  • QEMU 1.6.0 release candidate 2
    cpe:2.3:a:qemu:qemu:1.6.0:rc2
  • QEMU 1.6.0 release candidate 3
    cpe:2.3:a:qemu:qemu:1.6.0:rc3
  • QEMU 1.6.1
    cpe:2.3:a:qemu:qemu:1.6.1
  • QEMU 1.6.2
    cpe:2.3:a:qemu:qemu:1.6.2
  • QEMU 1.7.1
    cpe:2.3:a:qemu:qemu:1.7.1
  • cpe:2.3:a:qemu:qemu:2.0
    cpe:2.3:a:qemu:qemu:2.0
  • QEMU 2.0.0
    cpe:2.3:a:qemu:qemu:2.0.0
  • QEMU 2.0.0 release candidate 0
    cpe:2.3:a:qemu:qemu:2.0.0:rc0
  • QEMU 2.0.0 release candidate 1
    cpe:2.3:a:qemu:qemu:2.0.0:rc1
  • QEMU 2.0.0 release candidate 2
    cpe:2.3:a:qemu:qemu:2.0.0:rc2
  • QEMU 2.0.0 release candidate 3
    cpe:2.3:a:qemu:qemu:2.0.0:rc3
  • Red Hat Enterprise Linux 6
    cpe:2.3:o:redhat:enterprise_linux:6
CVSS
Base: 4.9 (as of 21-04-2014 - 11:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0420.NASL
    description Updated qemu-kvm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat. All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73656
    published 2014-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73656
    title CentOS 6 : qemu-kvm (CESA-2014:0420)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5825.NASL
    description - Fix arm sd warnings with latest kernel (bz #1091548) - Fix regression in CVE backport that affects openstack (thanks lbezdick) - Fix guest startup crashes from autotest (bz #1081610) - Block/image format validation CVE-2014-0142 - 2014-0148 (bz #1078201, bz #1086710, bz #1079140, bz #1086724, bz #1079240, bz #1086735, bz #1078885, bz #1086720, bz #1078232, bz #1086713, bz #1078848, bz #1086717, bz #1078212, bz #1086712) - CVE-2014-0150: virtio-net: buffer overflow in virtio_net_handle_mac() function (bz #1086775, bz #1078846) - CVE-2013-4544: vmxnet3: bounds checking buffer overrun (bz #1087513, bz #1087522) - CVE-2014-2894: out of bounds buffer accesses, guest triggerable via IDE SMART (bz #1087981, bz #1087971) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 73818
    published 2014-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73818
    title Fedora 20 : qemu-1.6.2-4.fc20 (2014-5825)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0421.NASL
    description Updated qemu-kvm-rhev packages that fix several security issues are now available for Red Hat Enterprise Virtualization. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79015
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79015
    title RHEL 6 : qemu-kvm-rhev (RHSA-2014:0421)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15951.NASL
    description Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79902
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79902
    title Fedora 21 : xen-4.4.1-9.fc21 (2014-15951)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0420.NASL
    description From Red Hat Security Advisory 2014:0420 : Updated qemu-kvm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat. All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 73662
    published 2014-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73662
    title Oracle Linux 6 : qemu-kvm (ELSA-2014-0420)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2909.NASL
    description Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73625
    published 2014-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73625
    title Debian DSA-2909-1 : qemu - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15521.NASL
    description Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79652
    published 2014-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79652
    title Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2910.NASL
    description Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73626
    published 2014-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73626
    title Debian DSA-2910-1 : qemu-kvm - security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-220.NASL
    description Updated qemu packages fix security vulnerabilities : Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host (CVE-2013-4544). Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147). A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-0150). A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest (CVE-2014-0142). A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest (CVE-2014-0146). It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest (CVE-2014-0148). An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-2894). Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-0222, CVE-2014-0223). Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461). An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest (CVE-2014-3615). When guest sends udp packet with source port and source addr 0, uninitialized socket is picked up when looking for matching and already created udp sockets, and later passed to sosendto() where NULL pointer dereference is hit during so->slirp->vnetwork_mask.s_addr access Only guests using qemu user networking are affected (CVE-2014-3640). The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-3689). It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2014-5263). James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest (CVE-2014-7815). Additionally qemu-1.6+ requires usbredir-0.6+ for USB redirection support which is also being provided with this advisory.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79407
    published 2014-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79407
    title Mandriva Linux Security Advisory : qemu (MDVSA-2014:220)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15503.NASL
    description Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79651
    published 2014-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79651
    title Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KVM-140528.NASL
    description Several security issues in KVM have been fixed. Some issues could have resulted in arbitrary code execution or crash of the kvm host. - virtio-net: buffer overflow in virtio_net_handle_mac() function. (CVE-2014-0150) - Fixed out of bounds buffer accesses, guest triggerable via IDE SMART. (CVE-2014-2894) - Fixed various virtio-net buffer overflows. (CVE-2013-4148 / CVE-2013-4149 / CVE-2013-4150 / CVE-2013-4151) - Fixed ahci buffer overrun. (CVE-2013-4526) - Fixed hpet buffer overrun. (CVE-2013-4527) - Fixed a PCIE-AER buffer overrun. (CVE-2013-4529) - Fixed a buffer overrun in pl022. (CVE-2013-4530) - Fixed a vmstate buffer overflow. (CVE-2013-4531) - Fixed a pxa2xx buffer overrun. (CVE-2013-4533) - Fixed a openpic buffer overrun. (CVE-2013-4534) - Validate virtio num_sg mapping. (CVE-2013-4535 / CVE-2013-4536) - Fixed ssi-sd buffer overrun. (CVE-2013-4537) - Fixed ssd0323 buffer overrun. (CVE-2013-4538) - Fixed tsc210x buffer overrun. (CVE-2013-4539) - Fixed Zaurus buffer overrun. (CVE-2013-4540) - Some USB sanity checking added. (CVE-2013-4541) - Fixed virtio scsi buffer overrun. (CVE-2013-4542) - Fixed another virtio buffer overrun. (CVE-2013-6399) - Validate config_len on load in virtio (CVE-2014-0182)
    last seen 2019-02-21
    modified 2014-11-06
    plugin id 76138
    published 2014-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76138
    title SuSE 11.3 Security Update : KVM (SAT Patch Number 9302)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-17 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77461
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77461
    title GLSA-201408-17 : QEMU: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2182-1.NASL
    description Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150) Benoit Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 73752
    published 2014-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73752
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : qemu, qemu-kvm vulnerabilities (USN-2182-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0674.NASL
    description Updated rhev-hypervisor6 packages that fix multiple security issues, several bugs, and add various enhancements are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-2894) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat, and the CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat, Anthony Liguori, and Michael Roth. Other changes to the rhev-hypervisor6 component : * The most recent builds of rhn-virtualization-common and rhn-virtualization-host are included in version 3.4.0. (BZ#1095812) All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79029
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79029
    title RHEL 6 : rhev-hypervisor6 3.4.0 (RHSA-2014:0674)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-061.NASL
    description Updated qemu packages fix multiple security vulnerabilities : Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service (CVE-2013-4377). Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host (CVE-2013-4544). Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147). A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-0150). A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest (CVE-2014-0142). A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest (CVE-2014-0146). It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest (CVE-2014-0148). An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-2894). Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-0222, CVE-2014-0223). Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461). An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest (CVE-2014-3615). When guest sends udp packet with source port and source addr 0, uninitialized socket is picked up when looking for matching and already created udp sockets, and later passed to sosendto() where NULL pointer dereference is hit during so->slirp->vnetwork_mask.s_addr access Only guests using qemu user networking are affected (CVE-2014-3640). The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-3689). It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2014-5263). James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest (CVE-2014-7815). During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-7840). Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-8106). This update also provides usbredirparser 0.6 as a prerequisite of qemu-1.6.2
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 81944
    published 2015-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81944
    title Mandriva Linux Security Advisory : qemu (MDVSA-2015:061)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0420.NASL
    description Updated qemu-kvm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat. All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73663
    published 2014-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73663
    title RHEL 6 : qemu-kvm (RHSA-2014:0420)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140422_QEMU_KVM_ON_SL6_X.NASL
    description Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 73664
    published 2014-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73664
    title Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64
redhat via4
advisories
bugzilla
id 1079240
title CVE-2014-0144 Qemu: block: missing input validation
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.8
        oval oval:com.redhat.rhsa:tst:20140420007
      • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20121234008
    • AND
      • comment qemu-img is earlier than 2:0.12.1.2-2.415.el6_5.8
        oval oval:com.redhat.rhsa:tst:20140420009
      • comment qemu-img is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110345008
    • AND
      • comment qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.8
        oval oval:com.redhat.rhsa:tst:20140420005
      • comment qemu-kvm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110345006
    • AND
      • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.415.el6_5.8
        oval oval:com.redhat.rhsa:tst:20140420011
      • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110345010
rhsa
id RHSA-2014:0420
released 2014-04-22
severity Moderate
title RHSA-2014:0420: qemu-kvm security update (Moderate)
rpms
  • qemu-guest-agent-2:0.12.1.2-2.415.el6_5.8
  • qemu-img-2:0.12.1.2-2.415.el6_5.8
  • qemu-kvm-2:0.12.1.2-2.415.el6_5.8
  • qemu-kvm-tools-2:0.12.1.2-2.415.el6_5.8
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1078846
debian
  • DSA-2909
  • DSA-2910
mlist
  • [Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun
  • [Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun
secunia
  • 57878
  • 58191
ubuntu USN-2182-1
Last major update 10-05-2014 - 00:01
Published 18-04-2014 - 10:55
Last modified 15-12-2017 - 21:29
Back to Top