Computer Security
[EN] securityvulns.ru no-pyccku


libvirt / qemu / Xen multiple security vulnerabilities
updated since 13.06.2015
Published:21.06.2015
Source:
SecurityVulns ID:14532
Type:library
Threat Level:
6/10
Description:DoS, privilege escalation, information disclosure, code execution.
Affected:QEMU : qemu 2.2
 XEN : Xen 4.5
CVE:CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.)
 CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.)
 CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which mighy allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.)
 CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.)
 CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.)
 CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.)
 CVE-2015-4037 (The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.)
 CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3286-1] xen security update (21.06.2015)
 documentUBUNTU, [USN-2630-1] QEMU vulnerabilities (13.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod