DSA-3285-1 qemu-kvm -- qemu-kvm
ID: oval:org.secpod.oval:def:602139 | Date: (C)2015-06-17 (M)2023-12-07
Class: PATCH | Family: unix
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

CVE-2015-3209: Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

CVE-2015-4037: Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service.