Executive Summary

Summary
Title QEMU: Multiple Vulnerabilities
Informations
Name GLSA-201412-01 First vendor Publication 2014-12-08
Vendor Gentoo Last vendor Modification 2014-12-08
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in QEMU, the worst of which allows context dependent attackers to cause Denial of Service.

Background

QEMU is a generic and open source machine emulator and virtualizer.

Description

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service condition and a local user can obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All QEMU users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r1"

References

[ 1 ] CVE-2014-3471 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3471
[ 2 ] CVE-2014-3615 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3615
[ 3 ] CVE-2014-3640 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3640
[ 4 ] CVE-2014-5263 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5263
[ 5 ] CVE-2014-5388 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5388
[ 6 ] CVE-2014-7815 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7815

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201412-01.xml

CWE : Common Weakness Enumeration

% Id Name
17 % CWE-476 NULL Pointer Dereference
17 % CWE-416 Use After Free
17 % CWE-200 Information Exposure
17 % CWE-193 Off-by-one Error
17 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26768
 
Oval ID: oval:org.mitre.oval:def:26768
Title: USN-2342-1 -- qemu, qemu-kvm vulnerabilities
Description: Several security issues were fixed in QEMU.
Family: unix Class: patch
Reference(s): USN-2342-1
CVE-2013-4148
CVE-2013-4149
CVE-2013-4150
CVE-2013-4151
CVE-2013-4526
CVE-2013-4527
CVE-2013-4529
CVE-2013-4530
CVE-2013-4531
CVE-2013-4532
CVE-2013-4533
CVE-2013-4534
CVE-2013-4535
CVE-2013-4536
CVE-2013-4537
CVE-2013-4538
CVE-2013-4539
CVE-2013-4540
CVE-2013-4541
CVE-2013-4542
CVE-2013-6399
CVE-2014-0182
CVE-2014-3461
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0222
CVE-2014-0223
CVE-2014-3471
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): qemu
qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26922
 
Oval ID: oval:org.mitre.oval:def:26922
Title: DSA-3044-1 qemu-kvm - security update
Description: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Family: unix Class: patch
Reference(s): DSA-3044-1
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0222
CVE-2014-0223
CVE-2014-3615
CVE-2014-3640
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27016
 
Oval ID: oval:org.mitre.oval:def:27016
Title: ELSA-2014-1669 -- qemu-kvm security and bug fix update (low)
Description: [1.5.3-60.el7_0.10] - kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925] - kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925] - kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925] - kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925] - Resolves: bz#1122925 (Maintain relative path to backing file image during live merge (block-commit))
Family: unix Class: patch
Reference(s): ELSA-2014-1669
CVE-2014-3615
Version: 5
Platform(s): Oracle Linux 7
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27022
 
Oval ID: oval:org.mitre.oval:def:27022
Title: RHSA-2014:1669 -- qemu-kvm security and bug fix update (Low)
Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615) This issue was discovered by Laszlo Ersek of Red Hat. This update also fixes the following bug: * This update fixes a regression in the scsi_block_new_request() function, which caused all read requests to through SG_IO if the host cache was not used. (BZ#1141189) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1669
CESA-2014:1669
CVE-2014-3615
Version: 5
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27023
 
Oval ID: oval:org.mitre.oval:def:27023
Title: DSA-3045-1 qemu - security update
Description: Several vulnerabilities were discovered in qemu, a fast processor emulator.
Family: unix Class: patch
Reference(s): DSA-3045-1
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0222
CVE-2014-0223
CVE-2014-3615
CVE-2014-3640
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27312
 
Oval ID: oval:org.mitre.oval:def:27312
Title: DSA-3067-1 -- qemu-kvm security update
Description: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Family: unix Class: patch
Reference(s): DSA-3067-1
CVE-2014-3689
CVE-2014-7815
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28093
 
Oval ID: oval:org.mitre.oval:def:28093
Title: DSA-3066-1 -- qemu security update
Description: Several vulnerabilities were discovered in qemu, a fast processor emulator.
Family: unix Class: patch
Reference(s): DSA-3066-1
CVE-2014-3689
CVE-2014-7815
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28286
 
Oval ID: oval:org.mitre.oval:def:28286
Title: USN-2409-1 -- QEMU vulnerabilities
Description: Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3615">CVE-2014-3615</a>) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3640">CVE-2014-3640</a>) It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3689">CVE-2014-3689</a>) It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5263">CVE-2014-5263</a>) Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5388">CVE-2014-5388</a>) James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7815">CVE-2014-7815</a>)
Family: unix Class: patch
Reference(s): USN-2409-1
CVE-2014-3615
CVE-2014-3640
CVE-2014-3689
CVE-2014-5263
CVE-2014-5388
CVE-2014-7815
Version: 5
Platform(s): Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): qemu
qemu-kvm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 146
Os 7
Os 1
Os 1
Os 1
Os 5
Os 1
Os 1
Os 4
Os 3
Os 1
Os 1
Os 1

Snort® IPS/IDS

Date Description
2015-10-01 QEMU VNC set-pixel-format memory corruption attempt
RuleID : 35851 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-11-14 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2781-1.nasl - Type : ACT_GATHER_INFO
2016-11-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2725-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2628-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2533-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2528-1.nasl - Type : ACT_GATHER_INFO
2016-10-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1170.nasl - Type : ACT_GATHER_INFO
2016-10-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1169.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1785-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1698-1.nasl - Type : ACT_GATHER_INFO
2016-07-28 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0089.nasl - Type : ACT_GATHER_INFO
2016-06-22 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0081.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1560-1.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1445-1.nasl - Type : ACT_GATHER_INFO
2016-05-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO
2016-04-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1154-1.nasl - Type : ACT_GATHER_INFO
2016-04-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO
2016-03-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO
2015-10-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1782-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0744-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0613-1.nasl - Type : ACT_GATHER_INFO
2015-04-30 Name : The remote host is missing a vendor-supplied security patch.
File : citrix_xenserver_CTX200892.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150305_qemu_kvm_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-03-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0624.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kvm-libvirt-201412-150124.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kvm-libvirt-201412-150123.nasl - Type : ACT_GATHER_INFO
2014-12-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-01.nasl - Type : ACT_GATHER_INFO
2014-11-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO
2014-11-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2409-1.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14033.nasl - Type : ACT_GATHER_INFO
2014-11-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13993.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1670.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3067.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3066.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-09 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11641.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3045.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3044.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11588.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10761.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2342-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-01-12 21:24:43
  • Multiple Updates
2014-12-10 13:27:02
  • Multiple Updates
2014-12-09 00:25:39
  • First insertion