[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [Qemu-devel] [PULL 0/3] Cve 2015 5154 patches
|
From: |
Kevin Wolf |
|
Subject: |
Re: [Qemu-stable] [Qemu-devel] [PULL 0/3] Cve 2015 5154 patches |
|
Date: |
Mon, 27 Jul 2015 15:38:51 +0200 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Am 27.07.2015 um 15:25 hat Stefan Priebe - Profihost AG geschrieben:
>
> Am 27.07.2015 um 14:28 schrieb John Snow:
> >
> >
> > On 07/27/2015 08:10 AM, Stefan Priebe - Profihost AG wrote:
> >>
> >> Am 27.07.2015 um 14:01 schrieb John Snow:
> >>> The following changes since commit
> >>> f793d97e454a56d17e404004867985622ca1a63b:
> >>>
> >>> Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into
> >>> staging (2015-07-24 13:07:10 +0100)
> >>>
> >>> are available in the git repository at:
> >>>
> >>> https://github.com/jnsnow/qemu.git tags/cve-2015-5154-pull-request
> >>
> >> Any details on this CVE? Is RCE possible? Only if IDE is used?
> >>
> >> Stefan
> >>
> >
> > It's a heap overflow. The most likely outcome is a segfault, but the
> > guest is allowed to continue writing past the end of the PIO buffer at
> > its leisure. This makes it similar to CVE-2015-3456.
> >
> > This CVE can be mitigated unlike CVE-2015-3456 by just removing the
> > CD-ROM drive until the patch can be applied.
>
> Thanks. The seclist article explicitly references xen. So it does not
> apply to qemu/kvm? Sorry for asking may be stupid questions.
The IDE emulation is shared between Xen and KVM, so both are affected.
The reason why the seclist mail only mentions Xen is probably because
the Xen security team posted it.
Meanwhile there is also a Red Hat CVE page available, which mentions
qemu-kvm: https://access.redhat.com/security/cve/CVE-2015-5154
Kevin
Re: [Qemu-stable] [PULL 0/3] Cve 2015 5154 patches, Peter Maydell, 2015/07/27