Bug 1256672 (CVE-2015-5279) - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
Summary: CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-5279
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1263272 1263273 1263274 1263275 1263276 1263277 1263278 1263279 1263280 1263287 1267466
Blocks: 1256675
TreeView+ depends on / blocked
 
Reported: 2015-08-25 08:48 UTC by Adam Mariš
Modified: 2021-02-17 04:59 UTC (History)
43 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:43:15 UTC

Attachments (Terms of Use)
Crash report (201.55 KB, image/jpeg)
2015-08-25 08:49 UTC, Adam Mariš 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1896 0 normal SHIPPED_LIVE Important: qemu-kvm-rhev security update 2015-10-15 16:17:40 UTC
Red Hat Product Errata RHSA-2015:1923 0 normal SHIPPED_LIVE Important: qemu-kvm-rhev security update 2015-10-22 20:44:02 UTC
Red Hat Product Errata RHSA-2015:1924 0 normal SHIPPED_LIVE Important: qemu-kvm security update 2015-10-22 20:41:35 UTC
Red Hat Product Errata RHSA-2015:1925 0 normal SHIPPED_LIVE Important: kvm security update 2015-10-22 20:41:34 UTC
Red Hat Product Errata RHSA-2015:2065 0 normal SHIPPED_LIVE Important: xen security update 2015-11-16 23:57:46 UTC

Description Adam Mariš 2015-08-25 08:48:30 UTC 
Qemu emulator built with the NE2000 NIC emulation support is vulnerable to a heap buffer overflow issue. It could occur when receiving packets over the network.

A privileged user inside guest could use this flaw to crash the Qemu instance or potentially execute arbitrary code on the host.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2015/09/15/3
Comment 1 Adam Mariš 2015-08-25 08:49:33 UTC 
Created attachment 1066783 [details]
Crash report
Comment 3 Prasad Pandit 2015-09-15 12:03:06 UTC 
Statement: 

This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.

This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6.

This issue affects the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7.

This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.
Comment 9 Prasad Pandit 2015-09-15 13:25:32 UTC 
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1263278]
Comment 10 Prasad Pandit 2015-09-15 13:40:10 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1263287]
Comment 12 Fedora Update System 2015-09-24 05:08:41 UTC 
qemu-2.4.0-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2015-10-03 17:34:12 UTC 
xen-4.5.1-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2015-10-04 22:50:12 UTC 
xen-4.5.1-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2015-10-04 23:19:26 UTC 
xen-4.4.3-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2015-10-09 10:28:52 UTC 
qemu-2.3.1-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2015-10-09 11:20:33 UTC 
qemu-2.1.3-11.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 22 Summer Long 2015-10-14 23:51:51 UTC 
Acknowledgements:

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.
Comment 23 errata-xmlrpc 2015-10-15 12:17:51 UTC 
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2015:1896 https://rhn.redhat.com/errata/RHSA-2015-1896.html
Comment 25 errata-xmlrpc 2015-10-22 16:44:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:1925 https://rhn.redhat.com/errata/RHSA-2015-1925.html
Comment 26 errata-xmlrpc 2015-10-22 16:44:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1924 https://rhn.redhat.com/errata/RHSA-2015-1924.html
Comment 27 errata-xmlrpc 2015-10-22 16:45:21 UTC 
This issue has been addressed in the following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2015:1923 https://rhn.redhat.com/errata/RHSA-2015-1923.html
Comment 28 errata-xmlrpc 2015-11-16 18:58:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:2065 https://rhn.redhat.com/errata/RHSA-2015-2065.html
Note You need to log in before you can comment on or make changes to this bug.