Red Hat Bugzilla – Bug 1139115
CVE-2014-3615 Qemu: information leakage when guest sets high resolution
Last modified: 2016-04-26 20:38:43 EDT
An information leakage flaw was found in Qemu's VGA emulator. It could lead to leaking host memory bytes to a VNC client. It could occur when a guest GOP driver attempts to set a high display resolution. A privileged user/program able to set such high resolution could use this flaw to leak host memory bytes. Upstream fixes: --------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5 -> http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1139121]
Statement: This issue does not affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5 or the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 6.
qemu-1.6.2-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
qemu-2.1.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Acknowledgements: This issue was discovered by Laszlo Ersek of Red Hat.
IssueDescription: An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest.
This issue has been addressed in the following products: RHEV-H and Agents for RHEL-7 Via RHSA-2014:1670 https://rhn.redhat.com/errata/RHSA-2014-1670.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1669 https://rhn.redhat.com/errata/RHSA-2014-1669.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2014:1941 https://rhn.redhat.com/errata/RHSA-2014-1941.html