usn-2891-1
Vulnerability from osv_ubuntu
Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549)
Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8504)
Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)
Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2015-8558)
Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)
Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)
Ling Liu discovered that QEMU incorrectly handled the Human Monitor Interface. A local attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)
David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset emulation when performing VM guest migrations. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)
Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8743)
It was discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)
Qinghao Tang discovered that QEMU incorrect handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1568)
Donghai Zhu discovered that QEMU incorrect handled the firmware configuration device. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1714)
It was discovered that QEMU incorrectly handled the e1000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-1981)
Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 15.10. (CVE-2016-2197)
Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-2198)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-7549",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8504",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8550",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8558",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8567",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8568",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8613",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8619",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8666",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8743",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8744",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8745",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1568",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1714",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1922",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1981",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2198",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.22"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.22?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.22"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21"
]
}
],
"aliases": [],
"details": "Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2015-7549)\n\nLian Yihan discovered that QEMU incorrectly handled the VNC server. A\nremote attacker could use this issue to cause QEMU to crash, resulting in a\ndenial of service. (CVE-2015-8504)\n\nFelix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in the\nparavirtualized guest could exploit this flaw to cause a denial of service\n(crash the host) or potentially execute arbitrary code on the host.\n(CVE-2015-8550)\n\nQinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation\nsupport. An attacker inside the guest could use this issue to cause QEMU to\nconsume resources, resulting in a denial of service. (CVE-2015-8558)\n\nQinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device.\nAn attacker inside the guest could use this issue to cause QEMU to consume\nresources, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)\n\nQinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA\nemulation. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)\n\nLing Liu discovered that QEMU incorrectly handled the Human Monitor\nInterface. A local attacker could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)\n\nDavid Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset\nemulation when performing VM guest migrations. An attacker could use this\nissue to cause QEMU to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)\n\nLing Liu discovered that QEMU incorrectly handled the NE2000 device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2015-8743)\n\nIt was discovered that QEMU incorrectly handled the vmxnet3 device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)\n\nQinghao Tang discovered that QEMU incorrect handled IDE AHCI emulation. An\nattacker inside the guest could use this issue to cause a denial of\nservice, or possibly execute arbitrary code on the host as the user running\nthe QEMU process. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2016-1568)\n\nDonghai Zhu discovered that QEMU incorrect handled the firmware\nconfiguration device. An attacker inside the guest could use this issue to\ncause a denial of service, or possibly execute arbitrary code on the host\nas the user running the QEMU process. In the default installation, when\nQEMU is used with libvirt, attackers would be isolated by the libvirt\nAppArmor profile. (CVE-2016-1714)\n\nIt was discovered that QEMU incorrectly handled the e1000 device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2016-1981)\n\nZuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 15.10.\n(CVE-2016-2197)\n\nZuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2016-2198)\n",
"id": "USN-2891-1",
"modified": "2026-06-03T10:45:13Z",
"published": "2016-02-03T13:07:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2891-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-7549"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8504"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8550"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8558"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8567"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8568"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8613"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8619"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8666"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8743"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8744"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8745"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1568"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1714"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1922"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1981"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2197"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2198"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qemu, qemu-kvm vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-7549",
"UBUNTU-CVE-2015-8504",
"UBUNTU-CVE-2015-8550",
"UBUNTU-CVE-2015-8558",
"UBUNTU-CVE-2015-8567",
"UBUNTU-CVE-2015-8568",
"UBUNTU-CVE-2015-8613",
"UBUNTU-CVE-2015-8619",
"UBUNTU-CVE-2015-8666",
"UBUNTU-CVE-2015-8743",
"UBUNTU-CVE-2015-8744",
"UBUNTU-CVE-2015-8745",
"UBUNTU-CVE-2016-1568",
"UBUNTU-CVE-2016-1714",
"UBUNTU-CVE-2016-1922",
"UBUNTU-CVE-2016-1981",
"UBUNTU-CVE-2016-2197",
"UBUNTU-CVE-2016-2198"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.