CWE
476
Advisory Published

RHSA-2015:0624: Important: qemu-kvm-rhev security, bug fix, and enhancement update

First published: Thu Mar 05 2015(Updated: )

KVM (Kernel-based Virtual Machine) is a full virtualization solution for<br>Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the<br>user-space component for running virtual machines using KVM, in<br>environments managed by Red Hat Enterprise Virtualization Manager.<br>It was found that the Cirrus blit region checks were insufficient.<br>A privileged guest user could use this flaw to write outside of<br>VRAM-allocated buffer boundaries in the host's QEMU process address space<br>with attacker-provided data. (CVE-2014-8106)<br>An uninitialized data structure use flaw was found in the way the<br>set_pixel_format() function sanitized the value of bits_per_pixel.<br>An attacker able to access a guest's VNC console could use this flaw to<br>crash the guest. (CVE-2014-7815)<br>It was found that certain values that were read when loading RAM during<br>migration were not validated. A user able to alter the savevm data (either<br>on the disk or over the wire during migration) could use either of these<br>flaws to corrupt QEMU process memory on the (destination) host, which could<br>potentially result in arbitrary code execution on the host with the<br>privileges of the QEMU process. (CVE-2014-7840)<br>A NULL pointer dereference flaw was found in the way QEMU handled UDP<br>packets with a source port and address of 0 when QEMU's user networking was<br>in use. A local guest user could use this flaw to crash the guest.<br>(CVE-2014-3640)<br>Red Hat would like to thank James Spadaro of Cisco for reporting<br>CVE-2014-7815, and Xavier Mehrenberger and Stephane Duverger of Airbus for<br>reporting CVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini<br>of Red Hat, and the CVE-2014-7840 issue was discovered by Michael S.<br>Tsirkin of Red Hat.<br>This update provides the enhanced version of the qemu-kvm-rhev packages for<br>Red Hat Enterprise Virtualization (RHEV) Hypervisor, which also fixes<br>several bugs and adds various enhancements.<br>All Red Hat Enterprise Virtualization users with deployed virtualization<br>hosts are advised to install these updated packages, which add this<br>enhancement. After installing this update, shut down all running virtual<br>machines. Once all virtual machines have shut down, start them again for<br>this update to take effect.

Affected SoftwareAffected VersionHow to fix
redhat/qemu-kvm-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/libcacard-devel-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/libcacard-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/libcacard-tools-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/qemu-img-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/qemu-kvm-common-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/qemu-kvm-rhev<2.1.2-23.el7
2.1.2-23.el7
redhat/qemu-kvm-rhev-debuginfo<2.1.2-23.el7
2.1.2-23.el7
redhat/qemu-kvm-tools-rhev<2.1.2-23.el7
2.1.2-23.el7

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203