virtualization
This is an old revision of the document!
Table of Contents
KVM(Linux kernel)
- git reppo: https://git.opnfv.org/cgit/kvmfornfv/tree
- kernel-git: https://git.opnfv.org/cgit/kvmfornfv/tree/kernel
CVEs fixed in KVM
| CVE | Description | Fixed in Arno | Fixed in Brahmaputra |
|---|---|---|---|
| CVE-2015-8104 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | ||
| CVE-2015-5307 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | ||
| CVE-2015-4692 | The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | ||
| CVE-2015-0239 | The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. |
QEMU
- Qemu-wiki: http://wiki.qemu.org
- Qemu-security process: http://wiki.qemu.org/SecurityProcess
CVEs fixed in QEMU
| CVE | Description | Fixed in Arno | Fixed in Brahmaputra |
|---|---|---|---|
| CVE-2015-7295 | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. | ||
| CVE-2015-6855 | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | ||
| CVE-2015-5225 | Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. |
Xen
- Xen-wiki: http://wiki.xen.org/wiki
- Xen-Advisory: http://xenbits.xen.org/xsa
virtualization.1452772343.txt.gz · Last modified: 2016/01/14 11:52 by Sona Sarmadi
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
