qemu: Privilege escalation via emulated floppy disk drive (venom, CVE-2015-3456)

ISSUE DESCRIPTION

The code in qemu which emulates a floppy disk controller did not
correctly bounds check accesses to an array and therefore was
vulnerable to a buffer overflow attack.

IMPACT

A guest which has access to an emulated floppy device can exploit this
vulnerability to take over the qemu process elevating its privilege to
that of the qemu process.

info: http://venom.crowdstrike.com/

patch: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c

(from redmine: issue id 4181, created on 2015-05-14, closed on 2015-06-16)

- Relations:
  - child #4182 (closed)
  - child #4183 (closed)
  - child #4184 (closed)
  - child #4185 (closed)
- Changesets:
  - Revision 5a3a4662 by Natanael Copa on 2015-05-14T06:45:59Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
    fixes #4182
  - Revision 22634a6c by Natanael Copa on 2015-05-15T10:06:35Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
  - Revision a75142b6 by Natanael Copa on 2015-05-20T08:35:36Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
    fixes #4183
  - Revision d747647a by Natanael Copa on 2015-05-21T07:01:35Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
    fixes #4184
  - Revision b63d4726 by Natanael Copa on 2015-06-15T10:05:32Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
    fixes #4185
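
The bounds-check failure named in the issue description, as an added example that is not QEMU's code and not the linked patch: a simplified model in which a guest-advanced index selects the slot written in a fixed-size FIFO, shown unchecked and bounded. The struct, function names, sizes and the wrap-around bounding are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define FIFO_LEN  512   /* assumed FIFO size for this model */
#define GUARD_LEN 64    /* stands in for the state that follows the array */

/* Hypothetical controller state (not QEMU's struct). The FIFO and the guard
 * share one backing array so the modelled overflow stays well-defined C. */
struct toy_fdc {
    uint8_t  mem[FIFO_LEN + GUARD_LEN];
    uint32_t data_pos;  /* advanced on every guest write to the data port */
};

/* Unchecked form: the index is trusted to be reset by command handling. */
static void fifo_write_unchecked(struct toy_fdc *s, uint8_t v)
{
    if (s->data_pos < sizeof s->mem)    /* limit of the model only */
        s->mem[s->data_pos] = v;
    s->data_pos++;
}

/* Bounded form: the index is reduced to the FIFO before every store. */
static void fifo_write_bounded(struct toy_fdc *s, uint8_t v)
{
    uint32_t pos = s->data_pos++ % FIFO_LEN;
    s->mem[pos] = v;
}

/* Feed n guest-controlled bytes; return how many guard bytes were changed. */
static size_t guard_bytes_clobbered(void (*wr)(struct toy_fdc *, uint8_t),
                                    size_t n)
{
    struct toy_fdc s = {{0}, 0};
    size_t i, hit = 0;

    for (i = 0; i < n; i++)
        wr(&s, 0x41);                   /* constructed sample input */
    for (i = FIFO_LEN; i < sizeof s.mem; i++)
        hit += (s.mem[i] != 0);
    return hit;
}

int main(void)
{
    /* Exit status 0 when 520 writes clobber 8 guard bytes unchecked, 0 bounded. */
    return !(guard_bytes_clobbered(fifo_write_unchecked, 520) == 8 &&
             guard_bytes_clobbered(fifo_write_bounded, 520) == 0);
}
```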