Use-after-free vulnerability in QEMU in Xen 4.5.x and previous versions does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Vulnerable Product |
---|
fedoraproject fedora 21 |
fedoraproject fedora 22 |
xen xen |
xen xen 4.5.1 |
Five guest-host escalation SNAFUs might be stretching the virtual friendship
The Xen project has revealed another two bugs in the QEMU hypervisor and is now wondering the extent to which it should support the buggy code. The first of the flaws, CVE-2015-5165, means “A guest may be able to read sensitive host-level data relating to itself which resides in the QEMU process” and impacts “All Xen systems running x86 HVM guests without stubdomains which have been configured with an emulated RTL8139 driver mode”. There's a workaround and the Xen team are asking you to ...