Vigil@nce - QEMU: multiple vulnerabilities
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of QEMU.
Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise
Desktop, SLES, Ubuntu, Unix (platform)
Severity: 2/4
Creation date: 05/11/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in QEMU.
An attacker can generate an integer overflow in virtio_net_load,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4148]
An attacker can generate a buffer overflow in virtio_net_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4149]
An attacker can generate a buffer overflow in virtio_net_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4150]
An attacker can generate a buffer overflow in virtio_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4151]
An attacker can generate a buffer overflow in hw/ide/ahci.c, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4526]
An attacker can generate a buffer overflow in hw/timer/hpet.c, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4527]
An attacker can generate a buffer overflow in hw/pci/pcie_aer.c,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4529]
An attacker can generate a buffer overflow in hw/ssi/pl022.c, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4530]
An attacker can generate a buffer overflow in
target-arm/machine.c, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4; CVE-2013-4531]
An attacker can generate a buffer overflow in pxa2xx_ssp_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4533]
An attacker can generate a buffer overflow in hw/intc/openpic.c,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4534]
An attacker can generate an integer overflow in ssi_sd_transfer,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4537]
An attacker can generate a buffer overflow in ssd0323_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4538]
An attacker can generate a buffer overflow in tsc210x_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-4539]
An attacker can generate a buffer overflow in
scoop_gpio_handler_update, in order to trigger a denial of
service, and possibly to execute code. [severity:2/4;
CVE-2013-4540]
An attacker can generate an integer overflow in
usb_device_post_load, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4; CVE-2013-4541]
An attacker can generate a buffer overflow in
virtio_scsi_load_request, in order to trigger a denial of service,
and possibly to execute code. [severity:2/4; CVE-2013-4542]
An attacker can generate an integer overflow in virtio_load, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-6399]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/QEMU-multiple-vulnerabilities-15585