{ "threat_severity" : "Important", "public_date" : "2014-12-04T00:00:00Z", "bugzilla" : { "description" : "qemu: cirrus: insufficient blit region checks", "id" : "1169454", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169454" }, "cvss" : { "cvss_base_score" : "4.9", "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:P/I:P/A:P", "status" : "verified" }, "cwe" : "CWE-20->CWE-119", "details" : [ "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.", "It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data." ], "statement" : "This issue affects the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, a future update may address this flaw.\nThis issue affects the kvm packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "acknowledgement" : "This issue was discovered by Paolo Bonzini (Red Hat).", "affected_release" : [ { "product_name" : "OpenStack 4 for RHEL 6", "release_date" : "2015-04-28T00:00:00Z", "advisory" : "RHSA-2015:0891", "cpe" : "cpe:/a:redhat:openstack:4::el6", "package" : "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.2" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-04-21T00:00:00Z", "advisory" : "RHSA-2015:0867", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "qemu-kvm-2:0.12.1.2-2.448.el6_6.2" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-03-05T00:00:00Z", "advisory" : "RHSA-2015:0349", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "qemu-kvm-10:1.5.3-86.el7" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date" : "2015-04-28T00:00:00Z", "advisory" : "RHSA-2015:0891", "cpe" : "cpe:/a:redhat:openstack:5::el6", "package" : "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.2" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date" : "2015-04-09T00:00:00Z", "advisory" : "RHSA-2015:0795", "cpe" : "cpe:/a:redhat:openstack:5::el7", "package" : "qemu-kvm-rhev-10:2.1.2-23.el7" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date" : "2015-03-05T00:00:00Z", "advisory" : "RHSA-2015:0643", "cpe" : "cpe:/a:redhat:openstack:6::el7", "package" : "qemu-kvm-rhev-10:2.1.2-23.el7" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date" : "2015-04-21T00:00:00Z", "advisory" : "RHSA-2015:0868", "cpe" : "cpe:/a:redhat:enterprise_linux:6::hypervisor", "package" : "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.2" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date" : "2015-03-05T00:00:00Z", "advisory" : "RHSA-2015:0624", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qemu-kvm-rhev-10:2.1.2-23.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8106\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8106" ], "name" : "CVE-2014-8106", "csaw" : false }