| Summary: | CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Prasad J Pandit <ppandit> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abaron, apevec, areis, ayoung, carnil, chrisw, dallan, gkotton, gmollett, jen, knoel, lhh, lpeer, markmc, mrezanin, mst, pbonzini, ppandit, rbryant, sclewis, security-response-team, slong, srevivo, tdecacqu, virt-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A flaw has been found in the QEMU emulator built with IDE Emulation PCI PIIX3/4 support; the emulator is vulnerable to a use-after-free flaw, while writing data to an I/O port inside a guest. This issue is specific to the Xen platform. A privileged(CAP_SYS_RAWIO) guest user on the Xen platform could use this flaw to crash the QEMU instance or attempt to make a guest escape to QEMU-process privileges.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:42:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1249000, 1249001, 1249002, 1249003, 1249757, 1249758 | ||
| Bug Blocks: | 1243299 | ||
|
Description
Prasad J Pandit
2015-07-31 09:59:27 UTC
Statement: This issue does not affect the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6. This issue does not affect the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7. This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue does not affect the qemu-kvm-rhev packages as shipped with any currently supported versions of Red Hat Enterprise Linux OpenStack Platform. Created xen tracking bugs for this issue: Affects: fedora-all [bug 1249757] Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1249758] External References: http://xenbits.xen.org/xsa/advisory-139.html Acknowledgement: Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Donghai Zhu of Alibaba as the original reporter. qemu-2.3.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. qemu-2.4.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. xen-4.5.1-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14361 xen-4.5.1-6.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14362 xen-4.4.3-1.fc21 has been submitted as an update to Fedora 21. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14363 xen-4.5.1-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. xen-4.4.3-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. xen-4.5.1-8.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |