FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- buffer overflow vulnerability in VNC

Affected packages
qemu < 2.4.0.1
qemu-devel < 2.4.0.1
qemu-sbruno < 2.4.50.g20151011
qemu-user-static < 2.4.50.g20151011

Details

VuXML ID: 2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28
Discovery: 2015-08-17
Entry: 2016-01-01

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the VNC display driver support is vulnerable to a buffer overflow flaw leading to a heap memory corruption issue. It could occur while refreshing the server display surface via routine vnc_refresh_server_surface().

A privileged guest user could use this flaw to corrupt the heap memory and crash the Qemu process instance OR potentially use it to execute arbitrary code on the host.

References

CVE Name: CVE-2015-5225
URL: http://git.qemu.org/?p=qemu.git;a=commit;h=efec4dcd2552e85ed57f276b58f09fc385727450
URL: http://www.openwall.com/lists/oss-security/2015/08/21/6
URL: https://github.com/seanbruno/qemu-bsd-user/commit/eb8934b0418b3b1d125edddc4fc334a54334a49b