SDLab

SDLab
SDLab.org::Adminな脳み

2015年8月4日火曜日

QEMUの不具合2件

どっちもPVは影響受けません。


[Xen-users] Xen Security Advisory 139 (CVE-2015-5166) - Use after free in QEMU/Xen block unplug protocol
http://lists.xen.org/archives/html/xen-users/2015-08/msg00008.html

ISSUE DESCRIPTION
=================
When unplugging an emulated block device the device was not fully
unplugged, meaning a second unplug attempt would attempt to unplug the
device a second time using a previously freed pointer.
IMPACT
======
An HVM guest which has access to an emulated IDE disk device may be
able to exploit this vulnerability in order to take over the qemu
process elevating its privilege to that of the qemu process.




[Xen-users] Xen Security Advisory 140 (CVE-2015-5165) - QEMU leak of uninitialized heap memory in rtl8139 device model
http://lists.xen.org/archives/html/xen-users/2015-08/msg00009.html

ISSUE DESCRIPTION
=================
The QEMU model of the RTL8139 network card did not sufficiently
validate inputs in the C+ mode offload emulation. This results in
uninitialised memory from the QEMU process's heap being leaked to the
domain as well as to the network.
IMPACT
======
A guest may be able to read sensitive host-level data relating to
itself which resides in the QEMU process.
Such information may include things such as information relating to
real devices backing emulated devices or passwords which the host
administrator does not intend to share with the guest admin.

0 件のコメント:

コメントを投稿