{"id":"MGASA-2015-0310","summary":"Updated qemu package fixes security vulnerability","details":"Matt Tait discovered that QEMU incorrectly handled the virtual PCNET\ndriver. A malicious guest could use this issue to cause a denial of\nservice, or possibly execute arbitrary code on the host as the user\nrunning the QEMU process (CVE-2015-3209).\n\nKurt Seifried discovered that QEMU incorrectly handled certain temporary\nfiles. A local attacker could use this issue to cause a denial of service\n(CVE-2015-4037).\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the host MSI message data field. A malicious guest could use\nthis issue to cause a denial of service (CVE-2015-4103).\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted\naccess to the PCI MSI mask bits. A malicious guest could use this issue to\ncause a denial of service (CVE-2015-4104).\n\nJan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X\nerror messages. A malicious guest could use this issue to cause a denial\nof service (CVE-2015-4105).\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the PCI config space. A malicious guest could use this issue to\ncause a denial of service, obtain sensitive information, or possibly\nexecute arbitrary code (CVE-2015-4106).\n\nA heap buffer overflow flaw was found in the way QEMU's IDE subsystem\nhandled I/O buffer access while processing certain ATAPI commands.\nA privileged guest user in a guest with the CDROM drive enabled could\npotentially use this flaw to execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest\n(CVE-2015-5154).\n\nAn out-of-bounds memory access flaw, leading to memory corruption or\npossibly an information leak, was found in QEMU's pit_ioport_read()\nfunction. A privileged guest user in a QEMU guest, which had QEMU PIT\nemulation enabled, could potentially, in rare cases, use this flaw to\nexecute arbitrary code on the host with the privileges of the hosting QEMU\nprocess (CVE-2015-3214).\n\nQemu emulator built with the virtio-serial vmchannel support is vulnerable\nto a buffer overflow issue. It could occur while exchanging virtio control\nmessages between guest & the host. A malicious guest could use this flaw\nto corrupt few bytes of Qemu memory area, potentially crashing the Qemu\nprocess (CVE-2015-5745).\n","modified":"2026-04-16T01:47:55.470327622Z","published":"2015-08-11T20:22:53Z","upstream":["CVE-2015-3209","CVE-2015-3214","CVE-2015-4037","CVE-2015-4103","CVE-2015-4104","CVE-2015-4105","CVE-2015-4106","CVE-2015-5154","CVE-2015-5745"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0310.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16105"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2630-1/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2015-1507.html"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/08/06/5"}],"affected":[{"package":{"name":"qemu","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/qemu?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.2-1.12.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0310.json"}},{"package":{"name":"qemu","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/qemu?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.3-2.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0310.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}