Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1225882 (CVE-2015-3209, xsa135)
Summary: | CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | abaron, acathrow, ailan, alonbl, aortega, apevec, areis, armbru, ayoung, bazulay, bmcclain, carnil, chrisw, dallan, dblechte, drjones, ecohen, fdeutsch, gklein, gkotton, gmollett, idith, iheim, imammedo, jen, knoel, lhh, lpeer, lsurette, markmc, michal.skrivanek, mkenneth, mrezanin, mst, pbonzini, ppandit, pstehlik, rbalakri, rbryant, rkrcmar, rpacheco, sclewis, security-response-team, stefanha, vkuznets, ycui, yeylon | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: |
A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-08-26 17:42:25 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1225886, 1225887, 1225889, 1225890, 1225892, 1225893, 1225896, 1225898, 1227601, 1227602, 1230536, 1230537, 1230538 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Petr Matousek
2015-05-28 11:46:16 UTC
Created attachment 1031225 [details]
Upstream patch
7b50d00911ddd6d56a766ac5671e47304c20a21b commit is a prerequisite.
Statement: This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7 as they do not enable the pcnet backend driver. This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases may address this flaw. Please note that AMD PCNet adapter has to be explicitly enabled per-guest as it is not enabled in default configuration and is not supported by Red Hat in Red Hat Enterprise Linux 6 (for a list of supported devices please consult https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-whitelist-device-options.html). Upstream patch submission: https://www.mail-archive.com/qemu-devel@nongnu.org/msg302403.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1087 https://rhn.redhat.com/errata/RHSA-2015-1087.html This issue has been addressed in the following products: RHEV-H and Agents for RHEL-6 Via RHSA-2015:1088 https://rhn.redhat.com/errata/RHSA-2015-1088.html This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2015:1089 https://rhn.redhat.com/errata/RHSA-2015-1089.html Created xen tracking bugs for this issue: Affects: fedora-all [bug 1230537] Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1230536] Affects: epel-7 [bug 1230538] xen-4.5.0-11.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. xen-4.4.2-6.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. xen-4.3.4-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1189 https://rhn.redhat.com/errata/RHSA-2015-1189.html qemu-2.3.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. qemu-2.4.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. qemu-2.1.3-9.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. |