FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands

Affected packages
qemu <= 0.11.1_20
0.12 <= qemu <= 2.3.0_2
qemu-devel <= 0.11.1_20
0.12 <= qemu-devel <= 2.3.0_2
qemu-sbruno < 2.4.50.g20150814
qemu-user-static < 2.4.50.g20150814
xen-tools < 4.5.0_9


VuXML ID da451130-365d-11e5-a4a5-002590263bf5
Discovery 2015-07-27
Entry 2015-08-04
Modified 2015-08-19

The Xen Project reports:

A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands.

A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.


CVE Name CVE-2015-5154