SB2015103105 - Gentoo update for QEMU
Published: October 31, 2015 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2015-3209)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
2) Memory corruption (CVE-ID: CVE-2015-3214)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption error within the pit_ioport_read() function in arch/x86/kvm/i8254.c. A local user can execute arbitrary code.
3) Heap-based buffer overflow (CVE-ID: CVE-2015-5154)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled,. A remote attacker can use unspecified ATAPI commands. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2015-5158)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an invalid opcode in a SCSI command descriptor block. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.