Errata ID | 380 |
---|---|
Date | 2015-11-19 |
Source package | qemu-kvm |
Fixed in version | 1.1.2+dfsg-6.29.49.201510271754 |
Description | These vulnerabilities have been fixed in qemu-kvm: * The QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process's heap (CVE-2015-5165) * A buffer overflow vulnerability was discovered in the way QEMU handles the virtio-serial device. A malicious guest could use this flaw to mount a denial of service (QEMU process crash) (CVE-2015-5745) * An infinite loop when receiving packets in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) (CVE-2015-5278) * A heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process (CVE-2015-5279) * An infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) (CVE-2015-6815) * A flaw in the IDE subsystem in QEMU that occurs while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) (CVE-2015-6855) |
Additional notes | |
CVE ID | CVE-2015-5165 CVE-2015-5745 CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855 |
UCS Bug number | #39545 |