Debian DSA-3362-1 : qemu-kvm - security update

medium Nessus Plugin ID 86024

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

- CVE-2015-5278: Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).

- CVE-2015-5279: Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.

- CVE-2015-6815: Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).

- CVE-2015-6855: Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).

Solution

Upgrade the qemu-kvm packages.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u11.

See Also

https://security-tracker.debian.org/tracker/CVE-2015-5278

https://security-tracker.debian.org/tracker/CVE-2015-5279

https://security-tracker.debian.org/tracker/CVE-2015-6815

https://security-tracker.debian.org/tracker/CVE-2015-6855

https://packages.debian.org/source/wheezy/qemu-kvm

https://www.debian.org/security/2015/dsa-3362

Plugin Details

Severity: Medium

ID: 86024

File Name: debian_DSA-3362.nasl

Version: 2.10

Type: local

Agent: unix

Published: 9/21/2015

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qemu-kvm, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 9/18/2015

Vulnerability Publication Date: 9/28/2015

Reference Information

CVE: CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-6855

DSA: 3362