It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Find out more about CVE-2014-7840 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue affects the qemu-kvm packages as shipped with Red Hat Enterprise
Linux 5, 6 and 7. Future updates for the respective releases may address this
issue.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and
maintenance life cycle. This has been rated as having Moderate security impact
and is not currently planned to be addressed in future updates. For additional
information, refer to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.
| Base Score | 3.7 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2015:0624 | 2015-03-05 |
| Red Hat Enterprise Linux 7 (qemu-kvm) | RHSA-2015:0349 | 2015-03-05 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux 6 | qemu-kvm | Will not fix |
| Red Hat Enterprise Linux 5 | kvm | Fix deferred |
Vulmon