#VU33994 Buffer overflow in QEMU - CVE-2015-5745
Vulnerability identifier: #VU33994
Vulnerability risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
QEMU
Client/Desktop applications /
Virtualization software
Vendor: QEMU
Description
The vulnerability allows a remote user to execute arbitrary code on the hypervisor system.
The vulnerability exists due to a boundary error in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU. A remote user can pass a specially crafted virtio control message, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
QEMU: 2.0 - 2.3.1
External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
https://www.openwall.com/lists/oss-security/2015/08/06/3
https://www.openwall.com/lists/oss-security/2015/08/06/5
https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295
https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
