7.5 - USN-2342-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	QEMU vulnerabilities

Informations
Name	USN-2342-1	First vendor Publication	2014-09-08
Vendor	Ubuntu	Last vendor Modification	2014-09-08
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer

Details:

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and others discovered multiple issues in the QEMU block drivers. An attacker able to modify disk images could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223)

It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service. (CVE-2014-3471)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.3
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.3
qemu-system-arm 2.0.0+dfsg-2ubuntu1.3
qemu-system-mips 2.0.0+dfsg-2ubuntu1.3
qemu-system-misc 2.0.0+dfsg-2ubuntu1.3
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.3
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.3
qemu-system-x86 2.0.0+dfsg-2ubuntu1.3

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.17

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.24

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2342-1
CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151,
CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530,
CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,
CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538,
CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144,
CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0182,
CVE-2014-0222, CVE-2014-0223, CVE-2014-3461, CVE-2014-3471

Package Information:
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.3
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.17
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.24

Original Source

Url : http://www.ubuntu.com/usn/USN-2342-1

CWE : Common Weakness Enumeration

%	Id	Name
64 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
11 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
11 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
4 %	CWE-476	NULL Pointer Dereference
4 %	CWE-416	Use After Free
4 %	CWE-369	Divide By Zero
4 %	CWE-190	Integer Overflow or Wraparound (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24919

Oval ID:	oval:org.mitre.oval:def:24919
Title:	ELSA-2014:0743: qemu-kvm security and bug fix update (Moderate)
Description:	KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-2894) The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat, Anthony Liguori, and Michael Roth. This update also fixes the following bugs: * Previously, under certain circumstances, libvirt failed to start guests which used a non-zero PCI domain and SR-IOV Virtual Functions (VFs), and returned the following error message: Can't assign device inside non-zero PCI segment as this KVM module doesn't support it. This update fixes this issue and guests using the aforementioned configuration no longer fail to start. (BZ#1099941) * Due to an incorrect initialization of the cpus_sts bitmap, which holds the enablement status of a vCPU, libvirt could fail to start a guest with an unusual vCPU topology (for example, a guest with three cores and two sockets). With this update, the initialization of cpus_sts has been corrected, and libvirt no longer fails to start the aforementioned guests. (BZ#1100575) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0743-00 CVE-2013-4148 CVE-2013-4151 CVE-2013-4535 CVE-2013-4536 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-2894 CVE-2014-3461	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 6.x rpm test qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-kvm-tools is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-img is earlier than 2:0.12.1.2-2.415.el6_5.10

Definition Id: oval:org.mitre.oval:def:25091

Oval ID:	oval:org.mitre.oval:def:25091
Title:	RHSA-2014:0927: qemu-kvm security and bug fix update (Moderate)
Description:	KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0222, CVE-2014-0223) Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way virtio, virtio-net, virtio-scsi, usb, and hpet drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) These issues were discovered by Michael S. Tsirkin, Anthony Liguori and Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0927-01 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4527 CVE-2013-4529 CVE-2013-4535 CVE-2013-4536 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CESA-2014:0927	Version:	5
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	qemu-kvm
Definition Synopsis:
Red Hat Enterprise Linux 7 and CentOS Linux 7 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages match section libcacard is earlier than 10:1.5.3-60.el7_0.5 AND libcacard-devel is earlier than 10:1.5.3-60.el7_0.5 AND libcacard-tools is earlier than 10:1.5.3-60.el7_0.5 AND qemu-guest-agent is earlier than 10:1.5.3-60.el7_0.5 AND qemu-img is earlier than 10:1.5.3-60.el7_0.5 AND qemu-kvm is earlier than 10:1.5.3-60.el7_0.5 AND qemu-kvm-common is earlier than 10:1.5.3-60.el7_0.5 AND qemu-kvm-tools is earlier than 10:1.5.3-60.el7_0.5 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 AND qemu-kvm-debuginfo is earlier than 10:1.5.3-60.el7_0.5

Definition Id: oval:org.mitre.oval:def:25125

Oval ID:	oval:org.mitre.oval:def:25125
Title:	RHSA-2014:0743: qemu-kvm security and bug fix update (Moderate)
Description:	KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-2894) The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat, Anthony Liguori, and Michael Roth. This update also fixes the following bugs: * Previously, under certain circumstances, libvirt failed to start guests which used a non-zero PCI domain and SR-IOV Virtual Functions (VFs), and returned the following error message: Can't assign device inside non-zero PCI segment as this KVM module doesn't support it. This update fixes this issue and guests using the aforementioned configuration no longer fail to start. (BZ#1099941) * Due to an incorrect initialization of the cpus_sts bitmap, which holds the enablement status of a vCPU, libvirt could fail to start a guest with an unusual vCPU topology (for example, a guest with three cores and two sockets). With this update, the initialization of cpus_sts has been corrected, and libvirt no longer fails to start the aforementioned guests. (BZ#1100575) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0743-00 CESA-2014:0743 CVE-2013-4148 CVE-2013-4151 CVE-2013-4535 CVE-2013-4536 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-2894 CVE-2014-3461	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-kvm-tools is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-img is earlier than 2:0.12.1.2-2.415.el6_5.10

Definition Id: oval:org.mitre.oval:def:25804

Oval ID:	oval:org.mitre.oval:def:25804
Title:	SUSE-SU-2014:0816-1 -- Security update for KVM
Description:	Several security issues in KVM have been fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0816-1 CVE-2014-0150 CVE-2014-2894 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	KVM
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND kvm RPM is earlier than 0:1.4.2-0.15.2

Definition Id: oval:org.mitre.oval:def:26667

Oval ID:	oval:org.mitre.oval:def:26667
Title:	RHSA-2014:1075: qemu-kvm security and bug fix update (Moderate)
Description:	KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1075-00 CESA-2014:1075 CVE-2014-0222 CVE-2014-0223	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.14 AND qemu-img is earlier than 2:0.12.1.2-2.415.el6_5.14 AND qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.14 AND qemu-kvm-tools is earlier than 2:0.12.1.2-2.415.el6_5.14

Definition Id: oval:org.mitre.oval:def:26768

Oval ID:	oval:org.mitre.oval:def:26768
Title:	USN-2342-1 -- qemu, qemu-kvm vulnerabilities
Description:	Several security issues were fixed in QEMU.
Family:	unix	Class:	patch
Reference(s):	USN-2342-1 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-3461 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3471	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	qemu qemu-kvm
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section qemu-system DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-aarch64 DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-arm DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-mips DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-misc DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-ppc DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-sparc DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-x86 DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND qemu-kvm DPKG is earlier than 0:1.0+noroms-0ubuntu14.17 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND qemu-kvm DPKG is earlier than 0:0.12.3+noroms-0ubuntu9.24

Definition Id: oval:org.mitre.oval:def:26880

Oval ID:	oval:org.mitre.oval:def:26880
Title:	ELSA-2014-1075 -- qemu-kvm security and bug fix update (moderate)
Description:	[0.12.1.2-2.415.el6_5.14] - The commit for zrelease .13 was incomplete; the changes to qemu-kvm.spec did not include the '%patchNNNN -p1' lines for patches 4647 through 4655; so although the patch files themselves were committed, the srpm build did not pick them up. In addition, the commit log did not describe the patches. This commit corrects these problems and bumps the zrelease to .14.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1075 CVE-2014-0222 CVE-2014-0223	Version:	5
Platform(s):	Oracle Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 6.x Packages match section qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.14 AND qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.14

Definition Id: oval:org.mitre.oval:def:26937

Oval ID:	oval:org.mitre.oval:def:26937
Title:	DEPRECATED: ELSA-2014-0743 -- qemu-kvm security and bug fix update (moderate)
Description:	[0.12.1.2-2.415.el6_5.10] - kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095692] - kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095743] - kvm-usb-sanity-check-setup_index-setup_len-in-post_load-2.patch [bz#1095743] - kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095739] - kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095735] - kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095763 bz#1096124] - kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095763 bz#1096124] - kvm-enable-PCI-multiple-segments-for-pass-through-device.patch [bz#1099941] - kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095675] - kvm-virtio-validate-config_len-on-load.patch [bz#1095779] - kvm-usb-fix-up-post-load-checks.patch [bz#1096825] - kvm-CPU-hotplug-use-apic_id_for_cpu-round-2-RHEL-6-only.patch [bz#1100575] [0.12.1.2-2.415.el6_5.9] - kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1087978] - Resolves: bz#1087978 (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-6.5.z])
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0743 CVE-2013-4148 CVE-2013-4151 CVE-2013-4535 CVE-2013-4536 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-2894 CVE-2014-3461	Version:	5
Platform(s):	Oracle Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 6.x Packages match section qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.10 AND qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.10

Definition Id: oval:org.mitre.oval:def:27143

Oval ID:	oval:org.mitre.oval:def:27143
Title:	SUSE-SU-2014:1278-1 -- Security update for kvm
Description:	kvm has been updated to fix issues in the embedded qemu: * CVE-2014-0223: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-3461: A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-0222: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. Non-security bugs fixed: * Fix exceeding IRQ routes that could have caused freezes of guests. (bnc#876842) * Fix CPUID emulation bugs that may have broken Windows guests with newer -cpu types (bnc#886535) Security Issues: * CVE-2014-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222> * CVE-2014-0223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223> * CVE-2014-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1278-1 CVE-2014-0223 CVE-2014-3461 CVE-2014-0222	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	kvm
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND kvm RPM is earlier than 0:1.4.2-0.17.1

Definition Id: oval:org.mitre.oval:def:27160

Oval ID:	oval:org.mitre.oval:def:27160
Title:	ELSA-2014-0927 -- qemu-kvm security and bug fix update (moderate)
Description:	[1.5.3-60.el7_0.5] - kvm-Allow-mismatched-virtio-config-len.patch [bz#1095782] - Resolves: bz#1095782 (CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.0.z])
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0927 CVE-2013-4148 CVE-2013-4151 CVE-2013-4535 CVE-2013-4536 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-3461 CVE-2013-4149 CVE-2013-4150 CVE-2013-4527 CVE-2013-4529 CVE-2014-0222 CVE-2014-0223	Version:	5
Platform(s):	Oracle Linux 7	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 7.x Packages match section qemu-kvm is earlier than 10:1.5.3-60.el7_0.5 AND libcacard is earlier than 10:1.5.3-60.el7_0.5 AND libcacard-devel is earlier than 10:1.5.3-60.el7_0.5 AND libcacard-tools is earlier than 10:1.5.3-60.el7_0.5 AND qemu-guest-agent is earlier than 10:1.5.3-60.el7_0.5 AND qemu-img is earlier than 10:1.5.3-60.el7_0.5 AND qemu-kvm-common is earlier than 10:1.5.3-60.el7_0.5 AND qemu-kvm-tools is earlier than 10:1.5.3-60.el7_0.5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Qemu cpe:2.3:a:qemu:qemu:2.1.2:r1:::::: cpe:2.3:a:qemu:qemu:2.1.2:::::::* cpe:2.3:a:qemu:qemu:2.1.1:::::::* cpe:2.3:a:qemu:qemu:2.1.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc5:::::: cpe:2.3:a:qemu:qemu:2.1.0:-:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.0.2:::::::* cpe:2.3:a:qemu:qemu:2.0.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.0.0:-:::::: cpe:2.3:a:qemu:qemu:1.7.1:::::::* cpe:2.3:a:qemu:qemu:1.6.2:::::::* cpe:2.3:a:qemu:qemu:1.6.1:::::::* cpe:2.3:a:qemu:qemu:1.6.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.6.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.6.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.6.0:-:::::: cpe:2.3:a:qemu:qemu:1.5.3:::::::* cpe:2.3:a:qemu:qemu:1.5.2:::::::* cpe:2.3:a:qemu:qemu:1.5.1:::::::* cpe:2.3:a:qemu:qemu:1.5.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.5.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.5.0:-:::::: cpe:2.3:a:qemu:qemu:1.5.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.4.2:::::::* cpe:2.3:a:qemu:qemu:1.4.1:::::::* cpe:2.3:a:qemu:qemu:1.4.0:-:::::: cpe:2.3:a:qemu:qemu:1.4.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.4.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.3.1:::::::* cpe:2.3:a:qemu:qemu:1.3.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.3.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.3.0:::::::* cpe:2.3:a:qemu:qemu:1.3.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.2.2:::::::* cpe:2.3:a:qemu:qemu:1.2.1:::::::* cpe:2.3:a:qemu:qemu:1.2.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.2.0:-:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.1.2:::::::* cpe:2.3:a:qemu:qemu:1.1.1:::::::* cpe:2.3:a:qemu:qemu:1.1:rc4:::::: cpe:2.3:a:qemu:qemu:1.1:rc1:::::: cpe:2.3:a:qemu:qemu:1.1:rc2:::::: cpe:2.3:a:qemu:qemu:1.1:rc3:::::: cpe:2.3:a:qemu:qemu:1.1:-:::::: cpe:2.3:a:qemu:qemu:1.0.1:::::::* cpe:2.3:a:qemu:qemu:1.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.0:rc4:::::: cpe:2.3:a:qemu:qemu:1.0:-:::::: cpe:2.3:a:qemu:qemu:1:2.1+dfsg-12+deb8u6:::::::* cpe:2.3:a:qemu:qemu:1:2.8+dfsg-6+deb9u8:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8+deb10u2:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8~deb10u1:::::::* cpe:2.3:a:qemu:qemu:1:4.1-1:::::::* cpe:2.3:a:qemu:qemu:0.9.1-5:::::::* cpe:2.3:a:qemu:qemu:0.9.1:::::::* cpe:2.3:a:qemu:qemu:0.9.0:::::::* cpe:2.3:a:qemu:qemu:0.8.2:::::::* cpe:2.3:a:qemu:qemu:0.8.1:::::::* cpe:2.3:a:qemu:qemu:0.8.0:::::::* cpe:2.3:a:qemu:qemu:0.7.2:::::::* cpe:2.3:a:qemu:qemu:0.7.1:::::::* cpe:2.3:a:qemu:qemu:0.7.0:::::::* cpe:2.3:a:qemu:qemu:0.6.1:::::::* cpe:2.3:a:qemu:qemu:0.6.0:::::::* cpe:2.3:a:qemu:qemu:0.5.5:::::::* cpe:2.3:a:qemu:qemu:0.5.4:::::::* cpe:2.3:a:qemu:qemu:0.5.3:::::::* cpe:2.3:a:qemu:qemu:0.5.2:::::::* cpe:2.3:a:qemu:qemu:0.5.1:::::::* cpe:2.3:a:qemu:qemu:0.5.0:::::::* cpe:2.3:a:qemu:qemu:0.4.3:::::::* cpe:2.3:a:qemu:qemu:0.4.2:::::::* cpe:2.3:a:qemu:qemu:0.4.1:::::::* cpe:2.3:a:qemu:qemu:0.4.0:::::::* cpe:2.3:a:qemu:qemu:0.3.0:::::::* cpe:2.3:a:qemu:qemu:0.2.0:::::::* cpe:2.3:a:qemu:qemu:0.15.2:::::::* cpe:2.3:a:qemu:qemu:0.15.1:::::::* cpe:2.3:a:qemu:qemu:0.15.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.15.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.15.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.1:::::::* cpe:2.3:a:qemu:qemu:0.14.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.13.0:-:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.12.5:::::::* cpe:2.3:a:qemu:qemu:0.12.4:::::::* cpe:2.3:a:qemu:qemu:0.12.3:::::::* cpe:2.3:a:qemu:qemu:0.12.2:::::::* cpe:2.3:a:qemu:qemu:0.12.1:::::::* cpe:2.3:a:qemu:qemu:0.12.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.12.0:-:::::: cpe:2.3:a:qemu:qemu:0.12.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc2:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc0:::::::* cpe:2.3:a:qemu:qemu:0.11.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.0:-:::::: cpe:2.3:a:qemu:qemu:0.10.6:::::::* cpe:2.3:a:qemu:qemu:0.10.5:::::::* cpe:2.3:a:qemu:qemu:0.10.4:::::::* cpe:2.3:a:qemu:qemu:0.10.3:::::::* cpe:2.3:a:qemu:qemu:0.10.2:::::::* cpe:2.3:a:qemu:qemu:0.10.1:::::::* cpe:2.3:a:qemu:qemu:0.10.0:::::::* cpe:2.3:a:qemu:qemu:0.1.6:::::::* cpe:2.3:a:qemu:qemu:0.1.5:::::::* cpe:2.3:a:qemu:qemu:0.1.4:::::::* cpe:2.3:a:qemu:qemu:0.1.3:::::::* cpe:2.3:a:qemu:qemu:0.1.2:::::::* cpe:2.3:a:qemu:qemu:0.1.1:::::::* cpe:2.3:a:qemu:qemu:0.1.0:::::::* cpe:2.3:a:qemu:qemu:::::::: cpe:2.3:a:qemu:qemu::r1::::::* cpe:2.3:a:qemu:qemu:-:::::::*	133
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::*	3
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.1:::::::* cpe:2.3:o:opensuse:opensuse:12.3:::::::*	2
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*	1
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1::::::	1

Nessus® Vulnerability Scanner

Date	Description
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1445-1.nasl - Type : ACT_GATHER_INFO
2016-05-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO
2016-04-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1154-1.nasl - Type : ACT_GATHER_INFO
2016-04-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO
2016-04-01	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO
2016-03-25	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO
2016-03-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0658-1.nasl - Type : ACT_GATHER_INFO
2015-11-13	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1952-1.nasl - Type : ACT_GATHER_INFO
2015-11-05	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1908-1.nasl - Type : ACT_GATHER_INFO
2015-11-05	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1894-1.nasl - Type : ACT_GATHER_INFO
2015-11-03	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1853-1.nasl - Type : ACT_GATHER_INFO
2015-05-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0929-1.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO
2014-12-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-01.nasl - Type : ACT_GATHER_INFO
2014-11-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-1168.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1076.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0744.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0674.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0421.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xen-201409-141002.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-580.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-579.nasl - Type : ACT_GATHER_INFO
2014-10-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3045.nasl - Type : ACT_GATHER_INFO
2014-10-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3044.nasl - Type : ACT_GATHER_INFO
2014-09-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2342-1.nasl - Type : ACT_GATHER_INFO
2014-08-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-17.nasl - Type : ACT_GATHER_INFO
2014-08-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1075.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1075.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1075.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0927.nasl - Type : ACT_GATHER_INFO
2014-07-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0927.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0927.nasl - Type : ACT_GATHER_INFO
2014-06-19	Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-140528.nasl - Type : ACT_GATHER_INFO
2014-06-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0743.nasl - Type : ACT_GATHER_INFO
2014-06-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0743.nasl - Type : ACT_GATHER_INFO
2014-05-19	Name : The remote Fedora host is missing a security update. File : fedora_2014-6288.nasl - Type : ACT_GATHER_INFO
2014-05-09	Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-140416.nasl - Type : ACT_GATHER_INFO
2014-05-02	Name : The remote Fedora host is missing a security update. File : fedora_2014-5825.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0420.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140422_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0420.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0420.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2018-01-26 12:10:32	Multiple Updates
2017-11-04 09:25:50	Multiple Updates
2014-11-05 17:27:52	Multiple Updates
2014-11-05 05:33:40	Multiple Updates
2014-09-10 13:26:26	Multiple Updates
2014-09-08 21:22:08	First insertion

Global Informations

Type	Count
CWE ID(s)	28
Oval ID(s)	10
CPE ID(s)	143
Nessus® Exploit(s)	45

	Related
7.8	CVE-2014-0145
7.8	CVE-2013-4532
7.5	CVE-2014-0222
7.5	CVE-2014-0182
7.5	CVE-2013-6399
7.5	CVE-2013-4542
7.5	CVE-2013-4541
7.5	CVE-2013-4540
7.5	CVE-2013-4539
7.5	CVE-2013-4538
7.5	CVE-2013-4537
7.5	CVE-2013-4534
7.5	CVE-2013-4533
7.5	CVE-2013-4531
7.5	CVE-2013-4530
7.5	CVE-2013-4529
7.5	CVE-2013-4527
7.5	CVE-2013-4526
7.5	CVE-2013-4151
7.5	CVE-2013-4150
7.5	CVE-2013-4149
7.5	CVE-2013-4148
7	CVE-2014-0143
6.8	CVE-2014-3461
5.5	CVE-2014-3471
5.5	CVE-2014-0146
5.5	CVE-2014-0142
4.6	CVE-2014-0223
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 28 more Alert(s)

7.5 - USN-2342-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU