CVE-2015-3209

Impact:
Important
Public Date:
2015-06-10
CWE:
CWE-119
Bugzilla:
1225882: CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

Find out more about CVE-2015-3209 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7 as they do not enable the pcnet backend driver.

This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases may address this flaw.

Please note that AMD PCNet adapter has to be explicitly enabled per-guest as it is not enabled in default configuration and is not supported by Red Hat in Red Hat Enterprise Linux 6 (for a list of supported devices please consult https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-whitelist-device-options.html).

CVSS v2 metrics

Base Score 6.5
Base Metrics AV:A/AC:H/Au:S/C:C/I:C/A:C
Access Vector Adjacent Network
Access Complexity High
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (qemu-kvm-rhev) RHSA-2015:1089 2015-06-10
Red Hat Enterprise Linux 6 (qemu-kvm) RHSA-2015:1087 2015-06-10
Red Hat Enterprise Linux Virtualization 5 (kvm) RHSA-2015:1189 2015-06-25
RHEV Agents (vdsm) (qemu-kvm-rhev) RHSA-2015:1088 2015-06-10

Affected Packages State

Platform Package State
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 qemu-kvm-rhev Not affected
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 qemu-kvm-rhev Not affected
Red Hat Enterprise Linux OpenStack Platform 4.0 qemu-kvm-rhev Will not fix
Red Hat Enterprise Linux 7 qemu-kvm-rhev Not affected
Red Hat Enterprise Linux 7 qemu-kvm Not affected
Red Hat Enterprise Linux 5 xen Will not fix
RHEV Manager 3 rhev-hypervisor Affected

Acknowledgements

Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.