FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends

Affected packages
xen-tools < 4.5.0_6

Details

VuXML ID 0d732fd1-27e0-11e5-a4a5-002590263bf5
Discovery 2015-03-13
Entry 2015-07-11

The Xen Project reports:

When instantiating an emulated VGA device for an x86 HVM guest, qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration.

The libxl toolstack library does not explicitly disable these default backends when they are not enabled, leading to an unexpected backend running.

If either SDL or VNC is explicitly enabled in the guest configuration then only the expected backends will be enabled.

This affects qemu-xen and qemu-xen-traditional differently.

If qemu-xen was compiled with SDL support then this would result in an SDL window being opened if $DISPLAY is valid, or a failure to start the guest if not.

If qemu-xen was compiled without SDL support then qemu would instead start a VNC server listening on ::1 (IPv6 localhost) or 127.0.0.1 (IPv4 localhost) with IPv6 preferred if available. A VNC password will not be configured even if one is present in the guest configuration.

qemu-xen-traditional will never start a VNC backend unless explicitly configured. However, by default it will start an SDL backend if it was built with SDL support and $DISPLAY is valid.

References

CVE Name CVE-2015-2152
URL http://xenbits.xen.org/xsa/advisory-119.html
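
An added example, not part of the advisory or of any Xen or FreeBSD code: a small Python audit that flags HVM guest configurations in which neither SDL nor VNC is explicitly enabled, the condition under which the advisory says a default backend is started. It assumes xl-style `key = value` guest configs using the `builder`/`type`, `vnc` and `sdl` keys; the sample configs and all function names are constructed for illustration.

```python
import re

# Constructed sample xl guest configs (illustrative, not from the advisory).
SAMPLES = {
    "web01.cfg": 'builder = "hvm"\nname = "web01"\nmemory = 2048\n',
    "db01.cfg": 'builder = "hvm"\nname = "db01"\nvnc = 1\n',
    "build.cfg": 'builder = "hvm"\nvnc = 0  # headless\nsdl = 0\n',
    "pv01.cfg": 'name = "pv01"\nmemory = 512\n',
}

ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")

def parse_scalars(text):
    """Collect simple `key = value` lines; enough for the scalar keys checked here."""
    cfg = {}
    for line in text.splitlines():
        line = re.sub(r"#.*$", "", line)  # naive: a '#' inside a quoted string is also cut
        m = ASSIGN.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip("\"'")
    return cfg

def is_true(value):
    """Treat the value as a number: 0 is false, any other number is true."""
    try:
        return int(value) != 0
    except (TypeError, ValueError):
        return False

def audit(text):
    """Classify one guest config against the condition the advisory describes."""
    cfg = parse_scalars(text)
    if "hvm" not in (cfg.get("builder"), cfg.get("type")):
        return "not-hvm"
    if is_true(cfg.get("vnc")) or is_true(cfg.get("sdl")):
        return "explicit-backend"   # only the configured backend is started
    return "default-backend"        # qemu's default SDL/VNC backend may start

def affected(configs):
    """Names of configs where neither SDL nor VNC is explicitly enabled."""
    return sorted(n for n, t in configs.items() if audit(t) == "default-backend")

if __name__ == "__main__":
    for name in affected(SAMPLES):
        print(f"{name}: HVM guest with no explicitly enabled SDL/VNC backend")
```

A config with `vnc = 0` and `sdl = 0` is still reported, because the advisory states that libxl does not explicitly disable the default backends when they are not enabled.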