[USN-2891-1] QEMU vulnerabilities
Posted on 03 February 2016
============================================================================
Ubuntu Security Notice USN-2891-1
February 03, 2016
qemu, qemu-kvm vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer
Details:
Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-7549)
Lian Yihan discovered that QEMU incorrectly handled the VNC server. A
remote attacker could use this issue to cause QEMU to crash, resulting in a
denial of service. (CVE-2015-8504)
Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)
Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation
support. An attacker inside the guest could use this issue to cause QEMU to
consume resources, resulting in a denial of service. (CVE-2015-8558)
Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device.
An attacker inside the guest could use this issue to cause QEMU to consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)
Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA
emulation. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)
Ling Liu discovered that QEMU incorrectly handled the Human Monitor
Interface. A local attacker could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)
David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset
emulation when performing VM guest migrations. An attacker could use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)
Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2015-8743)
It was discovered that QEMU incorrectly handled the vmxnet3 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)
Qinghao Tang discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile.
(CVE-2016-1568)
Donghai Zhu discovered that QEMU incorrectly handled the firmware
configuration device. An attacker inside the guest could use this issue to
cause a denial of service, or possibly execute arbitrary code on the host
as the user running the QEMU process. In the default installation, when
QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2016-1714)
It was discovered that QEMU incorrectly handled the e1000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2016-1981)
Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 15.10.
(CVE-2016-2197)
Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2016-2198)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
qemu-system 1:2.3+dfsg-5ubuntu9.2
qemu-system-aarch64 1:2.3+dfsg-5ubuntu9.2
qemu-system-arm 1:2.3+dfsg-5ubuntu9.2
qemu-system-mips 1:2.3+dfsg-5ubuntu9.2
qemu-system-misc 1:2.3+dfsg-5ubuntu9.2
qemu-system-ppc 1:2.3+dfsg-5ubuntu9.2
qemu-system-sparc 1:2.3+dfsg-5ubuntu9.2
qemu-system-x86 1:2.3+dfsg-5ubuntu9.2
Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.22
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.22
qemu-system-arm 2.0.0+dfsg-2ubuntu1.22
qemu-system-mips 2.0.0+dfsg-2ubuntu1.22
qemu-system-misc 2.0.0+dfsg-2ubuntu1.22
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.22
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.22
qemu-system-x86 2.0.0+dfsg-2ubuntu1.22
Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.27
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2891-1
CVE-2015-7549, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558,
CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619,
CVE-2015-8666, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745,
CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981,
CVE-2016-2197, CVE-2016-2198
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu9.2
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.22
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.27