OVAL

DSA-3067-1 qemu-kvm -- qemu-kvm

ID: oval:org.secpod.oval:def:601828
Date: (C)2014-11-14   (M)2023-12-07
Class: PATCH
Family: unix




Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

CVE-2014-3689: The Advanced Threat Research team at Intel Security reported that guest-provided parameters were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

CVE-2014-7815: James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest.

Platform:
Debian 7.0
Product:
qemu-kvm
Reference:
DSA-3067-1
CVE-2014-3689
CVE-2014-7815
CVE (2):
CVE-2014-3689
CVE-2014-7815
CPE (2):
cpe:/a:kvm_group:qemu-kvm
cpe:/o:debian:debian_linux:7.x

© SecPod Technologies