FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands

Affected packages
qemu <= 0.11.1_20
0.12 <= qemu <= 2.3.0_2
qemu-devel <= 0.11.1_20
0.12 <= qemu-devel <= 2.3.0_2
qemu-sbruno < 2.4.50.g20150814
qemu-user-static < 2.4.50.g20150814
xen-tools < 4.5.0_9

Details

VuXML ID da451130-365d-11e5-a4a5-002590263bf5
Discovery 2015-07-27
Entry 2015-08-04
Modified 2015-08-19

The Xen Project reports:

A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands.

A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

[source]

References

CVE Name CVE-2015-5154
URL http://git.qemu.org/?p=qemu.git;a=commit;h=e40db4c6d391419c0039fe274c74df32a6ca1a28
URL http://xenbits.xen.org/xsa/advisory-138.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.