Summary
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware:
Various security issues have been found in the block qemu drivers.
Malformed disk images might result in the execution of arbitrary code.A NULL pointer dereference in SLIRP may result in denial of serviceAn information leak was discovered in the VGA emulation
Solution
For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u4.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your qemu-kvm packages.
Insight
Using KVM, one can run multiple virtual PCs, each running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
Affected
qemu-kvm on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities