From 4bf59b9fdfe99d97b407b271a5c059b29a8f94bc Mon Sep 17 00:00:00 2001 From: Juergen Lock Date: Fri, 26 Jun 2015 19:13:31 +0000 Subject: [PATCH] Document qemu pcnet guest to host escape vulnerability - CVE-2015-3209 PR: 201064 Submitted by: koobs Security: https://vuxml.FreeBSD.org/freebsd/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3c2d405bc71b..b042867c631f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,42 @@ Notes: --> + + qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209) + + + qemu + qemu-devel + 0.11.1_20 + 0.122.3.0_2 + + + qemu-sbruno + 2.3.50.g20150618_1 + + + + +

The QEMU security team reports:

+
+

A guest which has access to an emulated PCNET network + device (e.g. with "model=pcnet" in their VIF configuration) + can exploit this vulnerability to take over the qemu + process elevating its privilege to that of the qemu + process.

+
+ +
+ + http://xenbits.xen.org/xsa/advisory-135.html + CVE-2015-3209 + + + 2015-04-10 + 2015-06-26 + +
+ elasticsearch -- security fix for shared file-system repositories
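Review bot: In the description of the new entry, the quote is introduced with "The QEMU security team reports:", but the only URL under the references is http://xenbits.xen.org/xsa/advisory-135.html, and the quoted paragraph uses Xen wording ("model=pcnet" in their VIF configuration). Attribute the quote to the advisory it was taken from, or add the QEMU advisory as a second reference so that the attribution and the references agree. Also check the first of the two dates, 2015-04-10: it is more than two months before the entry date 2015-06-26, so confirm it matches the date given in the referenced advisory.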