CVE-2014-7840 – qemu: insufficient parameter validation during ram load
https://notcve.org/view.php?id=CVE-2014-7840
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. La función host_from_stream_offset en arch_init.c en QEMU, cuando carga RAM durante la migración, permite a atacantes remotos ejecutar código arbitrario a través de un valor (1) offset o (2) length manipulado en datos savevm. It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://thread.gmane.org/gmane.comp.emulators.qemu/306117 https://bugzilla.redhat.com/show_bug.cgi?id=1163075 https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 https://access.redhat.com/security/cve/CVE-2014-7840 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •
CVE-2014-3471
https://notcve.org/view.php?id=CVE-2014-3471
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. Vulnerabilidad de uso de memoria previamente liberada en hw/pci/pcie.c en QEMU (también conocido como Quick Emulator) permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (cierre inesperado de la instancia QEMU) mediante las operaciones hotplug y hotunplug de los dispositivos Virtio orientados a bloques. • http://security.gentoo.org/glsa/glsa-201412-01.xml http://www.openwall.com/lists/oss-security/2014/06/23/4 http://www.securityfocus.com/bid/68145 https://bugzilla.redhat.com/show_bug.cgi?id=1112271 https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html • CWE-416: Use After Free •
CVE-2014-8106 – qemu: cirrus: insufficient blit region checks
https://notcve.org/view.php?id=CVE-2014-8106
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. Desbordamiento de buffer basado en memoria dinámica en el emulador Cirrus VGA (hw/display/cirrus_vga.c) en QEMU anterior a 2.2.0 permite a usuarios locales invotados ejecutar código arbitrario a través de vectores relacionados con las regiones blit. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2007-1320. It was found that the Cirrus blit region checks were insufficient. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://rhn.redhat.com/errata/RHSA-2015-0643.html http://rhn.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-5388
https://notcve.org/view.php?id=CVE-2014-5388
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. Error de superación de límite (off-by-one) en la función pci_read en ACPI PCI interfaz hotplug (hw/acpi/pcihp.c) en QEMU permite a usuarios locales invitados obtener información sensible y tener otro impacto no especificado relacionado con un dispositivo PCI manipulado que provoca daños en la memoria. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 http://seclists.org/oss-sec/2014/q3/438 http://seclists.org/oss-sec/2014/q3/440 http://www.ubuntu.com/usn/USN-2409-1 https://bugzilla.redhat.com/show_bug.cgi?id=1132956 https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html • CWE-193: Off-by-one Error •
CVE-2014-3689
https://notcve.org/view.php?id=CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. El driver vmware-vga (hw/display/vmware_vga.c) en QEMU permite a usuarios locales invitados escribir en la localizaciones de la memoria en qemu y ganar privilegios a través de parámetros sin especificar relacionados con la manipulación del rectángulo. • http://secunia.com/advisories/60923 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/security/2014/dsa-3067 http://www.osvdb.org/114397 http://www.ubuntu.com/usn/USN-2409-1 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html • CWE-269: Improper Privilege Management •