Описание
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Will not fix | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | qemu-kvm-rhev | Under investigation | ||
| Red Hat OpenStack Platform 3 | qemu-kvm-rhev | Under investigation | ||
| Red Hat OpenStack Platform 4 | qemu-kvm-rhev | Under investigation | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2015:0349 | 05.03.2015 |
| RHEV 3.X Hypervisor and Agents for RHEL-7 | qemu-kvm-rhev | Fixed | RHSA-2015:0624 | 05.03.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS2
Связанные уязвимости
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
The host_from_stream_offset function in arch_init.c in QEMU, when load ...
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
EPSS
3.7 Low
CVSS2