Back to bug 1296060
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Prasad Pandit | 2016-01-06 10:04:20 UTC | Blocks | 1295739 | |
| Prasad Pandit | 2016-01-06 10:07:39 UTC | Depends On | 1296080 | |
| Prasad Pandit | 2016-01-06 10:21:01 UTC | Doc Text | Qemu emulator built with the Firmware Configuration device emulation support is vulnerable to an OOB r/w access issue. It could occur while processing firmware configurations, if the current configuration entry value was set to be invalid. A privileged(CAP_SYS_RAWIO) user/process inside guest could use this flaw to crash the Qemu process instance resulting in DoS OR potentially execute arbitrary code with privileges of the Qemu process on the host. | |
| Summer Long | 2016-01-07 23:50:38 UTC | CC | slong | |
| Summer Long | 2016-01-07 23:50:38 UTC | Doc Text | Qemu emulator built with the Firmware Configuration device emulation support is vulnerable to an OOB r/w access issue. It could occur while processing firmware configurations, if the current configuration entry value was set to be invalid. A privileged(CAP_SYS_RAWIO) user/process inside guest could use this flaw to crash the Qemu process instance resulting in DoS OR potentially execute arbitrary code with privileges of the Qemu process on the host. | An out-of-bounds read/write flaw was discovered in the QEMU emulator built with Firmware Configuration device emulation support. The flaw could occur while processing firmware configurations if the current configuration entry value was set to be invalid. A privileged(CAP_SYS_RAWIO) user or process inside the guest could exploit this flaw to crash the QEMU process instance (denial of service), or potentially execute arbitrary code on the host with QEMU-process privileges. |
| Salvatore Bonaccorso | 2016-01-11 18:05:52 UTC | CC | carnil | |
| Prasad Pandit | 2016-01-13 05:13:07 UTC | Alias | CVE-2016-1714 | |
| Prasad Pandit | 2016-01-13 05:13:28 UTC | Summary | Qemu: nvram: OOB r/w access in processing firmware configurations | CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations |
| Prasad Pandit | 2016-01-13 05:16:19 UTC | Depends On | 1298045 | |
| Prasad Pandit | 2016-01-13 05:16:30 UTC | Depends On | 1298046 | |
| Prasad Pandit | 2016-01-13 05:16:42 UTC | Depends On | 1298047 | |
| Prasad Pandit | 2016-01-13 05:16:52 UTC | Depends On | 1298048 | |
| Prasad Pandit | 2016-01-13 05:16:58 UTC | Depends On | 1298049 | |
| Prasad Pandit | 2016-01-13 05:17:15 UTC | Depends On | 1298050 | |
| Prasad Pandit | 2016-01-13 05:17:33 UTC | Depends On | 1298051 | |
| Prasad Pandit | 2016-01-13 05:17:49 UTC | Depends On | 1298052 | |
| Prasad Pandit | 2016-01-13 06:32:47 UTC | Whiteboard | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=affected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=defer,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected |
| Garth Mollett | 2016-01-13 23:19:41 UTC | Whiteboard | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=defer,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=defer,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected |
| Garth Mollett | 2016-01-13 23:20:33 UTC | Depends On | 1298385 | |
| Prasad Pandit | 2016-01-14 05:27:30 UTC | Whiteboard | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=defer,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=defer,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm-rhev=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected |
| Prasad Pandit | 2016-01-14 05:28:39 UTC | Depends On | 1298433 | |
| Prasad Pandit | 2016-01-14 05:28:49 UTC | Depends On | 1298434 | |
| Prasad Pandit | 2016-01-14 05:29:01 UTC | Depends On | 1298435 | |
| Prasad Pandit | 2016-01-14 05:29:12 UTC | Depends On | 1298436 | |
| Garth Mollett | 2016-01-15 00:38:07 UTC | Blocks | 1298460 | |
| Martin Prpič | 2016-01-27 10:05:14 UTC | Doc Text | An out-of-bounds read/write flaw was discovered in the QEMU emulator built with Firmware Configuration device emulation support. The flaw could occur while processing firmware configurations if the current configuration entry value was set to be invalid. A privileged(CAP_SYS_RAWIO) user or process inside the guest could exploit this flaw to crash the QEMU process instance (denial of service), or potentially execute arbitrary code on the host with QEMU-process privileges. | An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. |
| Tomas Hoger | 2016-01-28 20:34:24 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2016-01-28 20:34:24 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2016-01-28 20:34:24 UTC | Last Closed | 2016-01-28 15:34:24 UTC | |
| Perry Myers | 2016-04-27 00:41:26 UTC | CC | pmyers | |
| Tomas Hoger | 2019-05-31 12:33:40 UTC | Whiteboard | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=defer,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm-rhev=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=wontfix,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm-rhev=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected |
| Product Security DevOps Team | 2019-09-29 13:41:49 UTC | Whiteboard | impact=important,public=20160105,reported=20151225,source=researcher,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-125,rhel-5/kvm=wontfix,rhel-5/xen=notaffected,rhel-6/qemu-kvm=affected,rhel-7/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm-rhev=affected,fedora-all/xen=affected,fedora-all/qemu=notaffected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected | |