

Multiple security vulnerabilities in QEMU
updated since May 4, 2014
Published: May 15, 2014
Source:
SecurityVulns ID: 13705
Type: local
Severity: 6/10
Description: DoS, memory corruption, buffer overflow.
Affected products: QEMU : QEMU 2.0
CVE: CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.")
 CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.)
 CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.)
 CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.)
 CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.)
 CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.)
Original text: cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 P J P, [oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size (15.05.2014)
 P J P, [oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size (15.05.2014)
 P J P, [oss-security] CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 UBUNTU, [USN-2182-1] QEMU vulnerabilities (04.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod