Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

qemu, qemu-kvm vulnerabilities

Related Vulnerabilities: CVE-2013-4148   CVE-2013-4149   CVE-2013-4150   CVE-2013-4151   CVE-2013-4526   CVE-2013-4527   CVE-2013-4529   CVE-2013-4530   CVE-2013-4531   CVE-2013-4532   CVE-2013-4533   CVE-2013-4534   CVE-2013-4535   CVE-2013-4536   CVE-2013-4537   CVE-2013-4538   CVE-2013-4539   CVE-2013-4540   CVE-2013-4541   CVE-2013-4542   CVE-2013-6399   CVE-2014-0182   CVE-2014-3461   CVE-2014-0142   CVE-2014-0143   CVE-2014-0144   CVE-2014-0145   CVE-2014-0146   CVE-2014-0147   CVE-2014-0222   CVE-2014-0223   CVE-2014-3471  

Several security issues were fixed in QEMU.

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

Source

8 September 2014

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in QEMU.

Software Description

  • qemu - Machine emulator and virtualizer
  • qemu-kvm - Machine emulator and virtualizer

Details

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and others discovered multiple issues in the QEMU block drivers. An attacker able to modify disk images could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223)

It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service. (CVE-2014-3471)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
qemu-system - 2.0.0+dfsg-2ubuntu1.3
qemu-system-aarch64 - 2.0.0+dfsg-2ubuntu1.3
qemu-system-arm - 2.0.0+dfsg-2ubuntu1.3
qemu-system-mips - 2.0.0+dfsg-2ubuntu1.3
qemu-system-misc - 2.0.0+dfsg-2ubuntu1.3
qemu-system-ppc - 2.0.0+dfsg-2ubuntu1.3
qemu-system-sparc - 2.0.0+dfsg-2ubuntu1.3
qemu-system-x86 - 2.0.0+dfsg-2ubuntu1.3
Ubuntu 12.04 LTS
qemu-kvm - 1.0+noroms-0ubuntu14.17
Ubuntu 10.04 LTS
qemu-kvm - 0.12.3+noroms-0ubuntu9.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started