Описание
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data.
Отчет
This issue affects the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, a future update may address this flaw. This issue affects the kvm packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Will not fix | ||
| OpenStack 4 for RHEL 6 | qemu-kvm-rhev | Fixed | RHSA-2015:0891 | 28.04.2015 |
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2015:0867 | 21.04.2015 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2015:0349 | 05.03.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | qemu-kvm-rhev | Fixed | RHSA-2015:0891 | 28.04.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2015:0795 | 09.04.2015 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2015:0643 | 05.03.2015 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | qemu-kvm-rhev | Fixed | RHSA-2015:0868 | 21.04.2015 |
| RHEV 3.X Hypervisor and Agents for RHEL-7 | qemu-kvm-rhev | Fixed | RHSA-2015:0624 | 05.03.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.9 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirr ...
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
ELSA-2015-0867: qemu-kvm security and bug fix update (IMPORTANT)
EPSS
4.9 Medium
CVSS2