|Summary:||CVE-2014-3615 Qemu: information leakage when guest sets high resolution|
|Product:||[Other] Security Response||Reporter:||Prasad J Pandit <ppandit>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||abaron, amit.shah, aortega, apevec, areis, ayoung, berrange, bsarathy, carnil, cfergeau, chrisw, dallan, dwmw2, ehabkost, gkotton, gmollett, itamar, jrusnack, knoel, kraxel, lhh, lpeer, markmc, mkenneth, mrezanin, mtosatti, pbonzini, rbalakri, rbryant, rhod, rjones, sclewis, scottt.tw, stefanha, virt-maint, virt-maint, yeylon|
|Fixed In Version:||qemu-kvm-1.5.3-60.el7_0.8||Doc Type:||Bug Fix|
An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest.
|Last Closed:||2014-12-02 17:40:45 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1139117, 1139118, 1139119, 1139120, 1139121, 1164001|
|Bug Blocks:||1130932, 1152005|
Description Prasad J Pandit 2014-09-08 06:32:26 UTC
An information leakage flaw was found in Qemu's VGA emulator. It could lead to leaking host memory bytes to a VNC client. It could occur when a guest GOP driver attempts to set a high display resolution. A privileged user/program able to set such high resolution could use this flaw to leak host memory bytes.

Upstream fixes:
---------------
-> http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
-> http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
Comment 3 Prasad J Pandit 2014-09-08 06:35:43 UTC
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1139121]
Comment 4 Prasad J Pandit 2014-09-08 06:38:02 UTC
Statement: This issue does not affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5 or the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 6.
Comment 5 Fedora Update System 2014-09-11 00:55:09 UTC
qemu-1.6.2-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2014-09-23 05:07:44 UTC
qemu-2.1.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Prasad J Pandit 2014-10-16 15:06:24 UTC
Acknowledgements: This issue was discovered by Laszlo Ersek of Red Hat.
Comment 9 Martin Prpič 2014-10-20 11:20:59 UTC
IssueDescription: An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest.
Comment 10 errata-xmlrpc 2014-10-20 17:20:46 UTC
This issue has been addressed in the following products:
RHEV-H and Agents for RHEL-7
Via RHSA-2014:1670 https://rhn.redhat.com/errata/RHSA-2014-1670.html
Comment 11 errata-xmlrpc 2014-10-20 18:26:10 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2014:1669 https://rhn.redhat.com/errata/RHSA-2014-1669.html