Executive Summary

Summary
Title QEMU vulnerabilities
Informations
Name USN-2409-1 First vendor Publication 2014-11-13
Vendor Ubuntu Last vendor Modification 2014-11-13
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer

Details:

Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3615)

Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (CVE-2014-3640)

It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (CVE-2014-3689)

It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5263)

Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5388)

James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (CVE-2014-7815)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10:
qemu-system 2.1+dfsg-4ubuntu6.1
qemu-system-aarch64 2.1+dfsg-4ubuntu6.1
qemu-system-arm 2.1+dfsg-4ubuntu6.1
qemu-system-mips 2.1+dfsg-4ubuntu6.1
qemu-system-misc 2.1+dfsg-4ubuntu6.1
qemu-system-ppc 2.1+dfsg-4ubuntu6.1
qemu-system-sparc 2.1+dfsg-4ubuntu6.1
qemu-system-x86 2.1+dfsg-4ubuntu6.1

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.7
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.7
qemu-system-arm 2.0.0+dfsg-2ubuntu1.7
qemu-system-mips 2.0.0+dfsg-2ubuntu1.7
qemu-system-misc 2.0.0+dfsg-2ubuntu1.7
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.7
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.7
qemu-system-x86 2.0.0+dfsg-2ubuntu1.7

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.19

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.25

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2409-1
CVE-2014-3615, CVE-2014-3640, CVE-2014-3689, CVE-2014-5263,
CVE-2014-5388, CVE-2014-7815

Package Information:
https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.1
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.7
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.19
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.25

Original Source

Url : http://www.ubuntu.com/usn/USN-2409-1

CWE : Common Weakness Enumeration

% Id Name
17 % CWE-476 NULL Pointer Dereference
17 % CWE-269 Improper Privilege Management
17 % CWE-200 Information Exposure
17 % CWE-193 Off-by-one Error
17 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26922
 
Oval ID: oval:org.mitre.oval:def:26922
Title: DSA-3044-1 qemu-kvm - security update
Description: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Family: unix Class: patch
Reference(s): DSA-3044-1
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0222
CVE-2014-0223
CVE-2014-3615
CVE-2014-3640
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27016
 
Oval ID: oval:org.mitre.oval:def:27016
Title: ELSA-2014-1669 -- qemu-kvm security and bug fix update (low)
Description: [1.5.3-60.el7_0.10] - kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925] - kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925] - kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925] - kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925] - Resolves: bz#1122925 (Maintain relative path to backing file image during live merge (block-commit))
Family: unix Class: patch
Reference(s): ELSA-2014-1669
CVE-2014-3615
Version: 5
Platform(s): Oracle Linux 7
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27022
 
Oval ID: oval:org.mitre.oval:def:27022
Title: RHSA-2014:1669 -- qemu-kvm security and bug fix update (Low)
Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615) This issue was discovered by Laszlo Ersek of Red Hat. This update also fixes the following bug: * This update fixes a regression in the scsi_block_new_request() function, which caused all read requests to through SG_IO if the host cache was not used. (BZ#1141189) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1669
CESA-2014:1669
CVE-2014-3615
Version: 5
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27023
 
Oval ID: oval:org.mitre.oval:def:27023
Title: DSA-3045-1 qemu - security update
Description: Several vulnerabilities were discovered in qemu, a fast processor emulator.
Family: unix Class: patch
Reference(s): DSA-3045-1
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0222
CVE-2014-0223
CVE-2014-3615
CVE-2014-3640
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27312
 
Oval ID: oval:org.mitre.oval:def:27312
Title: DSA-3067-1 -- qemu-kvm security update
Description: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Family: unix Class: patch
Reference(s): DSA-3067-1
CVE-2014-3689
CVE-2014-7815
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28093
 
Oval ID: oval:org.mitre.oval:def:28093
Title: DSA-3066-1 -- qemu security update
Description: Several vulnerabilities were discovered in qemu, a fast processor emulator.
Family: unix Class: patch
Reference(s): DSA-3066-1
CVE-2014-3689
CVE-2014-7815
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): qemu
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28286
 
Oval ID: oval:org.mitre.oval:def:28286
Title: USN-2409-1 -- QEMU vulnerabilities
Description: Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3615">CVE-2014-3615</a>) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3640">CVE-2014-3640</a>) It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3689">CVE-2014-3689</a>) It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5263">CVE-2014-5263</a>) Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5388">CVE-2014-5388</a>) James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7815">CVE-2014-7815</a>)
Family: unix Class: patch
Reference(s): USN-2409-1
CVE-2014-3615
CVE-2014-3640
CVE-2014-3689
CVE-2014-5263
CVE-2014-5388
CVE-2014-7815
Version: 5
Platform(s): Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): qemu
qemu-kvm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 146
Os 7
Os 1
Os 1
Os 1
Os 5
Os 1
Os 1
Os 4
Os 3
Os 1
Os 1
Os 1

Snort® IPS/IDS

Date Description
2015-10-01 QEMU VNC set-pixel-format memory corruption attempt
RuleID : 35851 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-11-14 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2781-1.nasl - Type : ACT_GATHER_INFO
2016-11-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2725-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2628-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2533-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2528-1.nasl - Type : ACT_GATHER_INFO
2016-10-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1170.nasl - Type : ACT_GATHER_INFO
2016-10-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1169.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1785-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1698-1.nasl - Type : ACT_GATHER_INFO
2016-07-28 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0089.nasl - Type : ACT_GATHER_INFO
2016-06-22 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0081.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1560-1.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1445-1.nasl - Type : ACT_GATHER_INFO
2016-05-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO
2016-04-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1154-1.nasl - Type : ACT_GATHER_INFO
2016-04-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO
2016-03-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO
2015-10-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1782-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0744-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0613-1.nasl - Type : ACT_GATHER_INFO
2015-04-30 Name : The remote host is missing a vendor-supplied security patch.
File : citrix_xenserver_CTX200892.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150305_qemu_kvm_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-03-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0624.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kvm-libvirt-201412-150124.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kvm-libvirt-201412-150123.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-37.nasl - Type : ACT_GATHER_INFO
2014-12-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-01.nasl - Type : ACT_GATHER_INFO
2014-11-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO
2014-11-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2409-1.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14033.nasl - Type : ACT_GATHER_INFO
2014-11-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13993.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1670.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3067.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3066.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-09 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11641.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3045.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3044.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11588.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10761.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-11-16 05:39:36
  • Multiple Updates
2014-11-15 13:25:59
  • Multiple Updates
2014-11-14 21:30:47
  • Multiple Updates
2014-11-13 17:23:08
  • First insertion