==== KVM ====

  * git repo: https://git.opnfv.org/cgit/kvmfornfv/tree
  * kernel-git: https://git.opnfv.org/cgit/kvmfornfv/tree/kernel
  * KVM Security Improvements: http://www.linux-kvm.org/images/f/f6/01x02-KVMHardening.pdf

CVE-list:
  * [[https://web.nvd.nist.gov/view/vuln/search-results?query=kvm&search_type=all&cves=on|web.nvd.nist.gov]]
  * [[https://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/Linux-Linux-Kernel.html|cvedetails.com]] (search for kvm)

=== CVEs fixed in KVM ===

^ CVE ^ Description ^ Fixed in Arno ^ Fixed in Brahmaputra ^
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104|CVE-2015-8104]] | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | | |
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307|CVE-2015-5307]] | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | | |
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4692|CVE-2015-4692]] | The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | | |
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239|CVE-2015-0239]] | The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | | |

==== QEMU ====

  * Qemu-git: https://git.opnfv.org/cgit/kvmfornfv/tree/qemu
  * Qemu-wiki: http://wiki.qemu.org
  * Qemu-security process: http://wiki.qemu.org/SecurityProcess
  * CVE-list: https://www.cvedetails.com/vulnerability-list/vendor_id-7506/Qemu.html

=== CVEs fixed in QEMU ===

^ CVE ^ Description ^ Fixed in Arno ^ Fixed in Brahmaputra ^
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295|CVE-2015-7295]] | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. | | |
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6855|CVE-2015-6855]] | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | | |
| [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225|CVE-2015-5225]] | Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. | | |

==== Xen ====

  * Xen-wiki: http://wiki.xen.org/wiki
  * Xen-Advisory: http://xenbits.xen.org/xsa
  * CVE-list: https://www.cvedetails.com/vulnerability-list/vendor_id-6276/XEN.html