Executive Summary
Summary | |
---|---|
Title | QEMU vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-2182-1 | First vendor Publication | 2014-04-28 |
Vendor | Ubuntu | Last vendor Modification | 2014-04-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in QEMU. Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Details: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150) Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: Ubuntu 13.10: Ubuntu 12.10: Ubuntu 12.04 LTS: Ubuntu 10.04 LTS: After a standard system update you need to reboot your computer to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2182-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:23845 | |||
Oval ID: | oval:org.mitre.oval:def:23845 | ||
Title: | ELSA-2014:0420: qemu-kvm security update (Moderate) | ||
Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat. All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0420-00 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0148 CVE-2014-0150 | Version: | 5 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24104 | |||
Oval ID: | oval:org.mitre.oval:def:24104 | ||
Title: | RHSA-2014:0420: qemu-kvm security update (Moderate) | ||
Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0147) A buffer overflow flaw was found in the way the virtio_net_handle_mac() function of QEMU processed guest requests to update the table of MAC addresses. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0150) A divide-by-zero flaw was found in the seek_to_sector() function of the parallels block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0142) A NULL pointer dereference flaw was found in the QCOW2 block driver in QEMU. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0146) It was found that the block driver for Hyper-V VHDX images did not correctly calculate BAT (Block Allocation Table) entries due to a missing bounds check. An attacker able to modify a disk image file loaded by a guest could use this flaw to crash the guest. (CVE-2014-0148) The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142, CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of Red Hat. All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0420-00 CESA-2014:0420 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0148 CVE-2014-0150 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24231 | |||
Oval ID: | oval:org.mitre.oval:def:24231 | ||
Title: | DSA-2909-1 qemu - security update | ||
Description: | Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2909-1 CVE-2014-0150 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | qemu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24717 | |||
Oval ID: | oval:org.mitre.oval:def:24717 | ||
Title: | DSA-2910-1 qemu-kvm - security update | ||
Description: | Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2910-1 CVE-2014-0150 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25072 | |||
Oval ID: | oval:org.mitre.oval:def:25072 | ||
Title: | RHSA-2014:0704: qemu-kvm security and bug fix update (Moderate) | ||
Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a user-space component to run virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-2894) This update also fixes the following bugs: * Prior to this update, a bug in the migration code caused the following error on specific machine types: after a Red Hat Enterprise Linux 6.5 guest was migrated from a Red Hat Enterprise Linux 6.5 host to a Red Hat Enterprise Linux 7.0 host and then restarted, the boot failed and the guest automatically restarted. Thus, the guest entered an endless loop. With this update, the migration code has been fixed and the Red Hat Enterprise Linux 6.5 guests migrated in the aforementioned scenario now boot properly. (BZ#1091322) * Due to a regression bug in the iSCSI driver, the qemu-kvm process terminated unexpectedly with a segmentation fault when the "write same" command was executed in guest mode under the iSCSI protocol. This update fixes the regression and the "write same" command now functions in guest mode under iSCSI as intended. (BZ#1090978) * Due to a mismatch in interrupt request (IRQ) routing, migration of a Red Hat Enterprise Linux 6.5 guest from a Red Hat Enterprise Linux 6.5 host to a Red Hat Enterprise Linux 7.0 host could produce a call trace. This happened if memory ballooning and a Universal Host Control Interface (UHCI) device were used at the same time on certain machine types. With this patch, the IRQ routing mismatch has been amended and the described migration now proceeds as expected. (BZ#1090981) * Previously, an internal error prevented KVM from executing a CPU hot plug on a Red Hat Enterprise Linux 7 guest running on a Red Hat Enterprise Linux 7 host. This update addresses the internal error and CPU hot plugging in the described scenario now functions correctly. (BZ#1094820) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0704-00 CVE-2014-2894 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25155 | |||
Oval ID: | oval:org.mitre.oval:def:25155 | ||
Title: | RHSA-2014:0426: qemu-kvm security update (Moderate) | ||
Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. ... All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0426-00 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0148 CVE-2014-0150 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25200 | |||
Oval ID: | oval:org.mitre.oval:def:25200 | ||
Title: | ELSA-2014:0426: qemu-kvm security update (Moderate) | ||
Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. ... All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0426-00 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0148 CVE-2014-0150 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27247 | |||
Oval ID: | oval:org.mitre.oval:def:27247 | ||
Title: | ELSA-2014-0704 -- qemu-kvm security and bug fix update (moderate) | ||
Description: | [1.5.3-60.el7_0.2] - kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094820] - Resolves: bz#1094820 (Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.) [1.5.3-60.el7_0.1] - kvm-iscsi-fix-indentation.patch [bz#1090978] - kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1090978] - kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1090978] - kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1090978] - kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1090978] - kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1090978] - kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1090978] - kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1090978] - kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1090978] - kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [1091322] - kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1090981] - kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1093612] - Resolves: bz#1091322 (fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host) - Resolves: bz#1090981 (Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device) - Resolves: bz#1090978 (qemu-kvm: iSCSI: Failure. SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400)) - Resolves: bz#1093612 (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.0.z]) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0704 CVE-2014-2894 | Version: | 5 |
Platform(s): | Oracle Linux 7 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15951.nasl - Type : ACT_GATHER_INFO |
2014-12-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15521.nasl - Type : ACT_GATHER_INFO |
2014-12-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15503.nasl - Type : ACT_GATHER_INFO |
2014-11-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0744.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0674.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0421.nasl - Type : ACT_GATHER_INFO |
2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-17.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0704.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-140528.nasl - Type : ACT_GATHER_INFO |
2014-06-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0743.nasl - Type : ACT_GATHER_INFO |
2014-06-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0743.nasl - Type : ACT_GATHER_INFO |
2014-05-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2933.nasl - Type : ACT_GATHER_INFO |
2014-05-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2932.nasl - Type : ACT_GATHER_INFO |
2014-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-5825.nasl - Type : ACT_GATHER_INFO |
2014-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2182-1.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140422_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0420.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0420.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0420.nasl - Type : ACT_GATHER_INFO |
2014-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2909.nasl - Type : ACT_GATHER_INFO |
2014-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2910.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-05-09 21:30:02 |
|
2014-04-30 13:21:31 |
|
2014-04-28 17:18:37 |
|