Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and previous versions, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
| Vulnerable Product |
|---|
| xen xen |
| xen xen 4.5.1 |
| suse linux enterprise server 11 |
| suse linux enterprise desktop 11 |
| suse linux enterprise software development kit 12 |
| suse linux enterprise software development kit 11 |
| suse linux enterprise desktop 12 |
| suse linux enterprise debuginfo 11 |
| suse suse linux enterprise server 12 |
| fedoraproject fedora 22 |
| fedoraproject fedora 23 |
| fedoraproject fedora 21 |
| qemu qemu |
Don't stick your head in the sand, patch QEMU
The Xen Project has reported another guest/host escape bug, its third for the year including the VENOM vuln and the XSA-135 SNAFU. The new vuln glories in the name XSA-138, aka CVE-2015-5154 and means “An HVM guest which has access to an emulated IDE CDROM device (e.g. with a device with "devtype=cdrom", or the "cdrom" convenience alias, in the VBD configuration) can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.” “All Xen syst...