FS#44954 - [qemu] CVE-2015-3456 fdc: out-of-bounds fifo buffer memory access.
Attached to Project:
Arch Linux
Opened by Andrey (Gendalf) - Wednesday, 13 May 2015, 19:43 GMT
Last edited by Allan McRae (Allan) - Thursday, 14 May 2015, 11:36 GMT
Details
Description:
An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. This issue affects all x86 and x86-64 based HVM Xen and QEMU/KVM/Xen guests.
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten
Additional info:
* package version(s)
* config and/or log files etc.
Steps to reproduce:
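As an added illustration (not code from the bug report, from QEMU, or from the linked upstream commit): a constructed, simplified C model of the FDC data FIFO, showing the bounded-index write in the style the upstream fix takes (assumption: the cursor is reduced modulo the 512-byte sector length before indexing) next to a stricter reject-on-overrun variant, with a sentinel after the buffer to confirm that no store escapes it. The struct, function names and the canary are all constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#define FD_SECTOR_LEN 512   /* FIFO holds one sector */

/* Constructed, simplified model of the FDC data FIFO; not QEMU's code. */
typedef struct {
    uint8_t  fifo[FD_SECTOR_LEN];
    uint8_t  canary[16];   /* sentinel after fifo[]; must never change */
    uint32_t data_pos;     /* index of the next FIFO byte */
} FdcModel;

static void fdc_reset(FdcModel *f)
{
    memset(f, 0, sizeof *f);
    memset(f->canary, 0xA5, sizeof f->canary);
}

/* Bounded write in the style of the upstream fix (assumption: the cursor is
 * reduced modulo FD_SECTOR_LEN before indexing), so the store always lands
 * inside fifo[] however far data_pos has drifted. Returns the index used. */
static uint32_t fdc_write_data_bounded(FdcModel *f, uint8_t value)
{
    uint32_t pos = f->data_pos++;
    pos %= FD_SECTOR_LEN;
    f->fifo[pos] = value;
    return pos;
}

/* Stricter variant: refuse instead of wrapping, so an overrun is an
 * error the caller can log and reset on, not a silently accepted write. */
static int fdc_write_data_checked(FdcModel *f, uint8_t value)
{
    if (f->data_pos >= FD_SECTOR_LEN)
        return -1;
    f->fifo[f->data_pos++] = value;
    return 0;
}

/* Feed the bounded writer far more bytes than a sector holds; returns 1 if
 * the sentinel survived, i.e. no store escaped the buffer. */
static int fdc_canary_intact_after(uint32_t nbytes)
{
    FdcModel f;
    fdc_reset(&f);
    for (uint32_t i = 0; i < nbytes; i++)
        fdc_write_data_bounded(&f, (uint8_t)i);
    for (size_t i = 0; i < sizeof f.canary; i++)
        if (f.canary[i] != 0xA5) return 0;
    return 1;
}
```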
Closed by Allan McRae (Allan)
Thursday, 14 May 2015, 11:36 GMT
Reason for closing: Fixed
Additional comments about closing: 2.3.0-2
2.2.1-5
This vulnerability allows vm escape and arbitrary code execution on the host system.
Please apply the following upstream patch for mitigation:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
The 2.3.0-2 package in [testing] has the fix. I don't know why it was in [testing] to judge whether it is worth rebuilding the package in [extra] too.