RHEL 7 : qemu-kvm-rhev (RHSA-2015:0624)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated qemu-kvm-rhev packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red
Hat Enterprise Virtualization Hypervisor 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package
provides the user-space component for running virtual machines using
KVM, in environments managed by Red Hat Enterprise Virtualization
Manager.

It was found that the Cirrus blit region checks were insufficient. A
privileged guest user could use this flaw to write outside of
VRAM-allocated buffer boundaries in the host's QEMU process address
space with attacker-provided data. (CVE-2014-8106)

An uninitialized data structure use flaw was found in the way the
set_pixel_format() function sanitized the value of bits_per_pixel. An
attacker able to access a guest's VNC console could use this flaw to
crash the guest. (CVE-2014-7815)

It was found that certain values that were read when loading RAM
during migration were not validated. A user able to alter the savevm
data (either on the disk or over the wire during migration) could use
either of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-7840)

A NULL pointer dereference flaw was found in the way QEMU handled UDP
packets with a source port and address of 0 when QEMU's user
networking was in use. A local guest user could use this flaw to crash
the guest. (CVE-2014-3640)

Red Hat would like to thank James Spadaro of Cisco for reporting
CVE-2014-7815, and Xavier Mehrenberger and Stephane Duverger of Airbus
for reporting CVE-2014-3640. The CVE-2014-8106 issue was found by
Paolo Bonzini of Red Hat, and the CVE-2014-7840 issue was discovered
by Michael S. Tsirkin of Red Hat.

This update provides the enhanced version of the qemu-kvm-rhev
packages for Red Hat Enterprise Virtualization (RHEV) Hypervisor,
which also fixes several bugs and adds various enhancements.

All Red Hat Enterprise Virtualization users with deployed
virtualization hosts are advised to install these updated packages,
which add this enhancement. After installing this update, shut down
all running virtual machines. Once all virtual machines have shut
down, start them again for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3640.html
https://www.redhat.com/security/data/cve/CVE-2014-7815.html
https://www.redhat.com/security/data/cve/CVE-2014-7840.html
https://www.redhat.com/security/data/cve/CVE-2014-8106.html
http://rhn.redhat.com/errata/RHSA-2015-0624.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 81661 ()

Bugtraq ID:

CVE ID: CVE-2014-3640
CVE-2014-7815
CVE-2014-7840
CVE-2014-8106

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now