FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands

Affected packages
qemu <= 0.11.1_20
0.12 <= qemu <= 2.3.0_2
qemu-devel <= 0.11.1_20
0.12 <= qemu-devel <= 2.3.0_2
qemu-sbruno < 2.4.50.g20150814
qemu-user-static < 2.4.50.g20150814
xen-tools < 4.5.0_9

Details

VuXML ID da451130-365d-11e5-a4a5-002590263bf5
Discovery 2015-07-27
Entry 2015-08-04
Modified 2015-08-19

The Xen Project reports:

A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands.

A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

References

CVE Name CVE-2015-5154
URL http://git.qemu.org/?p=qemu.git;a=commit;h=e40db4c6d391419c0039fe274c74df32a6ca1a28
URL http://xenbits.xen.org/xsa/advisory-138.html