First published: Mon Apr 14 2014(Updated: )
An array index bounds overrun flaw has been discovered in the vmxnet3 device as emulated by qemu. A privileged guest user could use this flaw to corrupt qemu process' memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process. Upstream fix: ------------- -> <a href="http://thread.gmane.org/gmane.comp.emulators.qemu/265562">http://thread.gmane.org/gmane.comp.emulators.qemu/265562</a> Acknowledgements: This issue was discovered by Michael S. Tsirkin of Red Hat.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.10 | |
Canonical Ubuntu Linux | =14.04 | |
QEMU qemu | <=1.7.1 | |
QEMU qemu | =1.0 | |
QEMU qemu | =1.0-rc1 | |
QEMU qemu | =1.0-rc2 | |
QEMU qemu | =1.0-rc3 | |
QEMU qemu | =1.0-rc4 | |
QEMU qemu | =1.0.1 | |
QEMU qemu | =1.1 | |
QEMU qemu | =1.1-rc1 | |
QEMU qemu | =1.1-rc2 | |
QEMU qemu | =1.1-rc3 | |
QEMU qemu | =1.1-rc4 | |
QEMU qemu | =1.4.1 | |
QEMU qemu | =1.4.2 | |
QEMU qemu | =1.5.0 | |
QEMU qemu | =1.5.0-rc1 | |
QEMU qemu | =1.5.0-rc2 | |
QEMU qemu | =1.5.0-rc3 | |
QEMU qemu | =1.5.1 | |
QEMU qemu | =1.5.2 | |
QEMU qemu | =1.5.3 | |
QEMU qemu | =1.6.0 | |
QEMU qemu | =1.6.0-rc1 | |
QEMU qemu | =1.6.0-rc2 | |
QEMU qemu | =1.6.0-rc3 | |
QEMU qemu | =1.6.1 | |
QEMU qemu | =1.6.2 | |
QEMU qemu | =2.0.0-rc0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.