Описание
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest.
Отчет
This issue does not affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5 or the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | qemu-kvm-rhev | Not affected | ||
| Red Hat OpenStack Platform 4 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2014:1669 | 20.10.2014 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2014:1941 | 02.12.2014 |
| RHEV 3.X Hypervisor and Agents for RHEL-7 | qemu-kvm-rhev | Fixed | RHSA-2014:1670 | 20.10.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.9 Low
CVSS2
Связанные уязвимости
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
The VGA emulator in QEMU allows local guest users to read host memory ...
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
ELSA-2014-1669: qemu-kvm security and bug fix update (LOW)
EPSS
2.9 Low
CVSS2