CVE-2014-3640

Опубликовано: 17 сент. 2014

Источник: redhat

CVSS2: 4.4

Описание

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

A NULL pointer dereference flaw was found in the way QEMU handled UDP packets with a source port and address of 0 when QEMU's user networking was in use. A local guest user could use this flaw to crash the guest.

Отчет

This issue did not affect the kvm package as shipped with Red Hat Enterprise Linux 5. Red Hat Product Security has rated this issue as having Low security impact. Future qemu-kvm updates for Red Hat Enterprise Linux 6 and 7 may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Not affected
Red Hat Enterprise Linux 6	qemu-kvm	Affected
Red Hat Enterprise Linux 7	qemu-kvm	Fixed	RHSA-2015:0349	05.03.2015
RHEV 3.X Hypervisor and Agents for RHEL-7	qemu-kvm-rhev	Fixed	RHSA-2015:0624	05.03.2015