FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerabilities in NE2000 NIC support

Affected packages
qemu < 2.4.0.1
qemu-devel < 2.4.0.1
qemu-sbruno < 2.5.50.g20151224
qemu-user-static < 2.5.50.g20151224

Details

VuXML ID: 6aa3322f-b150-11e5-9728-002590263bf5
Discovery: 2015-09-15
Entry: 2016-01-02

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network.

A privileged user inside the guest could use this flaw to crash the Qemu instance, resulting in DoS.

Qemu emulator built with the NE2000 NIC emulation support is vulnerable to a heap buffer overflow issue. It could occur when receiving packets over the network.

A privileged user inside the guest could use this flaw to crash the Qemu instance or potentially execute arbitrary code on the host.

References

CVE Name: CVE-2015-5278
CVE Name: CVE-2015-5279
URL: http://git.qemu.org/?p=qemu.git;a=commit;h=5a1ccdfe44946e726b4c6fda8a4493b3931a68c1
URL: http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
URL: http://www.openwall.com/lists/oss-security/2015/09/15/2
URL: http://www.openwall.com/lists/oss-security/2015/09/15/3
URL: https://github.com/seanbruno/qemu-bsd-user/commit/737d2b3c41d59eb8f94ab7eb419b957938f24943
URL: https://github.com/seanbruno/qemu-bsd-user/commit/9bbdbc66e5765068dce76e9269dce4547afd8ad4