DSA-3362-1 qemu-kvm -- qemu-kvmID: oval:org.secpod.oval:def:602233 | Date: (C)2015-09-29 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service . CVE-2015-5279 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service , or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process. CVE-2015-6815 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service . CVE-2015-6855 Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE"s WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service .