FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)

Affected packages
qemu < 0.11.1_20
0.12 <= qemu < 2.3.0_2
qemu-devel < 0.11.1_20
0.12 <= qemu-devel < 2.3.0_2
qemu-sbruno < 2.3.50.g20150618_1
xen-tools < 4.5.0_6

Details

VuXML ID acd5d037-1c33-11e5-be9c-6805ca1d3bb1
Discovery 2015-04-10
Entry 2015-06-26
Modified 2015-07-11

The QEMU security team reports:

A guest which has access to an emulated PCNET network device (e.g. with "model=pcnet" in their VIF configuration) can exploit this vulnerability to take over the qemu process, elevating its privilege to that of the qemu process.
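
To find guests exposed through the configuration named in the report, the following audit sketch lists the VIF entries that request the emulated PCNET model. It is an added example, not part of the advisory or of any FreeBSD or Xen tooling; it assumes xl-style domain configuration text, and the names `pcnet_vifs` and `SAMPLE_CFG` are hypothetical, with the sample configuration constructed for illustration.

```python
import re

# Matches the vif = [ ... ] list in an xl-style domain configuration.
VIF_LIST = re.compile(r"^\s*vif\s*=\s*\[(.*?)\]", re.S | re.M)
# Each interface is one quoted string of comma-separated key=value pairs.
VIF_SPEC = re.compile(r"""(['"])(.*?)\1""", re.S)

# Constructed sample: one commented-out entry, two PCNET VIFs, one e1000 VIF.
SAMPLE_CFG = """\
name = "legacy-hvm"
builder = "hvm"
# vif = [ 'model=pcnet' ]
vif = [ 'mac=00:16:3e:00:00:01, bridge=xenbr0, model=pcnet',
        'mac=00:16:3e:00:00:02,bridge=xenbr0,model=e1000',
        "bridge=xenbr1, model = PCNET" ]
"""


def strip_comments(text):
    """Drop '#' comments so a commented-out vif line is not reported."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def pcnet_vifs(config_text):
    """Return (index, spec) for every VIF whose model is pcnet."""
    hits = []
    match = VIF_LIST.search(strip_comments(config_text))
    if not match:
        return hits  # no vif list at all: nothing to report
    for index, (_, spec) in enumerate(VIF_SPEC.findall(match.group(1))):
        pairs = {}
        for item in spec.split(","):
            key, sep, value = item.partition("=")
            if sep:
                # Assumption: compare case-insensitively to err on the side
                # of reporting a VIF rather than missing it.
                pairs[key.strip().lower()] = value.strip().lower()
        if pairs.get("model") == "pcnet":
            hits.append((index, spec.strip()))
    return hits


if __name__ == "__main__":
    for index, spec in pcnet_vifs(SAMPLE_CFG):
        print(f"vif[{index}] uses the emulated PCNET device: {spec}")
```

A guest flagged here is only exposed while the host runs one of the affected package versions listed above; guests that start QEMU with a PCNET device outside of a Xen VIF configuration are not covered by this check.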

References

CVE Name CVE-2015-3209
URL http://xenbits.xen.org/xsa/advisory-135.html